HomeInsightsEuropean Commission publishes first review on the EU-US Privacy Shield showing it works but that implementation can be improved

Article by

The Commission has published its first annual report on the functioning of the EU-US Privacy Shield, the aim of which is to protect the personal data of anyone in the EU that is transferred to companies in the US for commercial purposes.

Overall, the report shows that the Privacy Shield continues to ensure an adequate level of protection for the personal data transferred from the EU to participating companies in the US. The US authorities have put in place the necessary structures and procedures to ensure the correct functioning of the Privacy Shield, such as new redress possibilities for EU individuals. Complaint-handling and enforcement procedures have been set up, and cooperation with the European Data protection authorities has been stepped up. The certification process is functioning well: over 2,400 companies have now been certified by the US Department of Commerce. As regards access to personal data by US public authorities for national security purposes, relevant safeguards on the US side remain in place.

The report also makes a number of recommendations to ensure the continued successful functioning of the Privacy Shield, including:

  • more proactive and regular monitoring of companies’ compliance with their Privacy Shield obligations by the US Department of Commerce; and
  • more awareness-raising for EU individuals about how to exercise their rights under the Privacy Shield, notably on how to lodge complaints.

To read the Commission’s press release in full and for a link to the report, click here.