EU Commission seeks views on EU-US Privacy Shield compliance

To help it conduct the first annual review of the EU-US Privacy Shield, the EU Commission has issued a questionnaire to trade bodies and some other organisations in order to seek feedback on compliance issues. The annual review, to take place in September this year, will seek assurances on whether the key foundations of the Privacy Shield are respected. The Commission will also want to satisfy itself that the Privacy Shield certifications by companies follow the rules.

This questionnaire, sent to a select group of Privacy Shield-certified organisations seeks to find out what their experiences are so far. According to the Centre for Information Policy Leadership at Hunton & Williams LLP, the questionnaire addresses issues such as how these organisations have implemented policies, procedures and other measures to meet their Privacy Shield obligations and each of the Privacy Shield Principles; modified their business and contractual arrangements with third parties to ensure that the third parties appropriately protect the personal information they receive from Privacy Shield-certified organizations; addressed complaints and addressed the requirement to select an independent dispute resolution mechanism.

The Commission seeks responses by 5 July. On 3 July, Bruno Gencarelli, Head, International Data Transfers and Data Protection Unit at the European Commission will address Privacy Laws & Business 30th Anniversary International Conference on ‘The EU Data Protection Regulation’s influence in the wider world’, and the following day his colleague Karolina Mojzesowicz, Deputy Head, Data Protection Unit, will speak and take questions on GDPR implementation within the European Union.