The EU-U.S. Privacy Shield international data transfer framework had its first annual review; highlights are included below.
Andrus Ansip, Commission Vice-President for the Digital Single Market, said:
The Commission stands strongly behind the Privacy Shield arrangement with the U.S. Making international data transfers sound, safe and secure benefits certified companies and European consumers and businesses, including EU SMEs. This first annual review demonstrates our commitment to create a strong certification scheme with dynamic oversight work.
Overall, the report shows that European Commission (EC) feels that the Privacy Shield continues to ensure an adequate level of protection for the personal data transferred from the EU to participating companies in the U.S. Over 2,400 companies have now been certified by the U.S. Department of Commerce.
In addition to reaffirming their support of Privacy Shield, the EC made several recommendations to further improve the functioning of the Privacy Shield, which include:
- more proactive and regular monitoring of companies’ compliance with their Privacy Shield obligations by the U.S. Department of Commerce, including regular searches by the US Department of Commerce for companies making false claims about their participation in the Privacy Shield;
- increased awareness-raising for EU individuals about how to exercise their rights under the Privacy Shield, notably on how to lodge complaints;
- closer cooperation between privacy enforcers i.e. the U.S. Department of Commerce, the Federal Trade Commission, and the EU Data Protection Authorities (DPAs);
- enshrining the protection for non-Americans offered by Presidential Policy Directive 28 (PPD-28), as part of the ongoing debate in the U.S. on the reauthorisation and reform of Section 702 of the Foreign Intelligence Surveillance Act (FISA); and
- the appointment of a permanent Privacy Shield Ombudsperson, as well as filling empty posts on the Privacy and Civil Liberties Oversight Board (PCLOB).
Read the press release here.
Our Solutions for EU-U.S. Privacy Shield
We offer three separate packages to support companies in preparing for compliance with the EU-U.S. Privacy Shield Principles ahead of self-certification with the U.S. Department of Commerce. We offer Assessment and Verification Packages to help companies assess their policies and practices against the Privacy Shield Principles. These two packages include assessing practices related to non-HR data, HR/employee data or both.
In addition, we provide a Dispute Resolution Package, which helps companies meet the requirements under Privacy Shield for having an independent dispute resolution mechanism in place to efficiently manage privacy inquiries from customers or relating to non-HR data.
The TRUSTe assessment and verification packages for Privacy Shield are delivered and managed by a team of privacy professionals using our proprietary assessment methodology that is powered by TrustArc Assessment Manager. TrustArc’s award-winning SaaS-based privacy technology platform provides interactive compliance reviews, centralized on-demand reporting and searchable audit trails.
To learn more, contact us.