Second Annual Review confirms that EU-US Privacy Shield continues uninterrupted

The EU Commission’s review says that the US continues to ensure an adequate level of protection for personal data transferred under the Privacy Shield from the EU to participating companies in the US. The report, issued yesterday, says that the steps taken by the US authorities to implement the recommendations made by the Commission in last year's report have improved the functioning of the framework.

The are still issued that could be improved, the Commission says. It expects the US authorities to nominate a permanent Ombudsperson by 28 February 2019 to replace the one that is currently acting. The Commission says that if the Ombudsperson position has not been filled on a permanent basis by that time, it will consider taking appropriate measures under the GDPR. However, similar warnings made previously have not been followed through.

More than 3850 companies have now been certified to Privacy Shield. The improvements made include compliance reviews. Out of the 100 companies that have been checked 21 had issues that have now been solved. Additional compliance review procedures also include the analysis of Privacy Shield participants' websites to ensure that links to privacy policies are correct, the report says. The Department of Commerce has put in place a system to identify false claims which prevents companies from claiming their compliance with the Privacy Shield, when they have not been certified.