In September 2017, the first annual review of the Privacy Shield was conducted over the course of two days in Washington, D.C. On 18 October, the European Commission published its first report on the results of the review. The European Commission concluded that, overall, the U.S. authorities have put in place the necessary structures and procedures to ensure the correct functioning of the Privacy Shield. Moreover, according to the European Commission, the certification process is functioning well with over 2,400 companies having been certified. There is, however, room for improvement.
In its report, the European Commission makes several recommendations to the U.S. authorities, both from a commercial and national security perspective, among which:
- A more proactive and regular monitoring of the companies’ compliance by the U.S. Department of Commerce;
- More awareness-raising for EU individuals about how they can exercise their rights under the Privacy Shield, notably on how to lodge complaints; and
- The swift appointment of a permanent Ombudsperson as well as appointing new members for the vacant seats on the Privacy and Civil Liberties Oversight Board.
The report will now be sent to the European Parliament, the Council, the U.S. Authorities and the Article 29 Working Party (“WP29”). The WP29, who has been critical of the Privacy Shield from the start,
Read more about the Privacy Shield in our update of 16 November 2016.