EU-U.S. Privacy Shield: First review shows it works but implementation can be improved

Today the Commission has published the first annual report on the functioning of the EU- U.S. Privacy Shield. It shows that in its first year of operation this framework has ensured adequate protection and safeguards for personal data transferred from the EU to the U.S. All the necessary administrative structures and procedures have been put in place in the U.S., including new redress possibilities for Europeans. Safeguards regarding access to personal data by U.S. public authorities are in place. However, the implementation of the framework can be improved further.  Vice-President Ansip said: “Making international data transfers sound, safe and secure benefits certified companies and European consumers and businesses, including EU SMEs.” Commissioner Jourová added: “Our first review shows that the Privacy Shield works well, but there is room for improving its implementation. The Privacy Shield is not a document lying in a drawer. It’s a living agreement that both the EU and U.S. must actively monitor to ensure we keep guard over our high data protection standards”. The 2017 report suggests a number of ways in which this can be done, including awareness raising for EU individuals about how to exercise their rights under the Privacy Shield and more proactive and regular monitoring of companies’ compliance with their Privacy Shield obligations by the U.S. Department of Commerce, as well as stepping up cooperation between privacy enforcers, amongst other measures. A press release with more information will available here when the press conference starts, as well as Q&As on the Privacy Shield.