Today, 23 October 2019, the European Commission published its report on the EU-U.S. Privacy Shield, to which approximately 5,000 companies are participating. The results of the Report are largely positive and confirm that the US ensures an adequate level of protection for the data transferred to it from the EU.

Furthermore, in the Report, the EU recognises a series of improvements which are related to oversight (appointment of Ombudsperson, and filling of all positions on the Privacy and Civil Liberties Oversight Board, carrying out monthly compliance checks) and redress; enforcement (seven enforcement actions have been taken by the Federal Trade Commission) and more generally, the functioning of the framework itself.

Věra Jourová, EU Commissioner for Justice, Consumers and Gender Equality, notes, “With around 5,000 participating companies, the Privacy Shield has become a success story. The annual review is an important health check for its functioning. We will continue the digital diplomacy dialogue with our U.S. counterparts to make the Shield stronger, including when it comes to oversight, enforcement and, in a longer-term, to increase convergence of our systems.”

The Commission, however, does note areas where improvement can be seen (and where they will likely expect improvement for the 2020 review), including bolstering the process for recertification (reducing time it takes to rectify), further expanding compliance checks, and developing further guidance for HR-related data.

Finally, “The Commission also expects the Federal Trade Commission to further step up its investigations into compliance with substantive requirements of the Privacy Shield and provide the Commission and the EU data protection authorities with information on ongoing investigations.”

The complete report on the third annual review of the functioning of the EU-U.S. Privacy Shield can be found here.

The Commission Staff working document can be found here.

And the Press release here.