EU-U.S. Privacy Shield ensures “adequate level of data protection” but could be improved, EU Commission finds

On October 18, 2017, the EU Commission published its report on the first annual review of the EU-U.S. Privacy Shield. The report reflects the Commission’s findings on the implementation and enforcement of the EU-U.S. Privacy Shield framework in its first year of operation.

According to the EU Commission, the Privacy Shield “continues to ensure an adequate level of data protection. However, there is room for improvement.”

The EU Commission believes that the United States keep “relevant safeguards” in place with regard to the access to EU citizens’ personal data by U.S. public authorities for national security purposes. In particular, U.S. rules do not allow the collection and subsequent use of electronic communications “on a generalised basis”.

The report includes the following list of recommendations:

  • more proactive monitoring and supervision of companies’ compliance with their Privacy Shield obligations by the U.S. Department of Commerce;
  • more awareness-raising for EU individuals about how to exercise their rights under the Privacy Shield, notably on how to lodge complaints;
  • Closer cooperation between privacy enforcers i.e. the U.S. Department of Commerce, the Federal Trade Commission, and the EU Data Protection Authorities (DPAs), notably to develop guidance for companies and enforcers;
  • Enshrining the protection for non-Americans offered by Presidential Policy Directive 28 (PPD-28), as part of the ongoing debate in the U.S. on the reauthorisation and reform of Section 702 of the Foreign Intelligence Surveillance Act (FISA).
  • Appointment as soon as possible of a permanent Privacy Shield Ombudsperson, as well as ensuring the vacancies are filled on the Privacy and Civil Liberties Oversight Board (PCLOB).

The Privacy Shield Framework has now been effective since October 2016 it replaced the Safe Harbor, which had around 5,500 participants by 2016. Over 2,400 companies have now been certified by the U.S. Department of Commerce.

More information is available at…


The report on the Privacy Shield Annual Review is available here


More information on Safe Harbor is available here.

More information on Privacy Shield is available here

For more information, Francesca Giannoni-Crystal  and Federica Romanelli.

Follow us on& Like us on