EU-U.S. Privacy Shield: Second review shows improvements but a permanent Ombudsperson should be nominated by 28 February 2019

Privacy Shield 2019

Dimitris Avramopoulos, Member of the EC in charge of Migration, Home Affairs and Citizenship, and Vĕra Jourová, Member of the EC in charge of Justice, Consumers and Gender Equality, give a press conference on the communication on Visa Reciprocity, the Second Report on the visa suspension mechanism and the Report on the second annual review of the EU-US Privacy Shield. © European Union , 2018 / Photo: Théodore Boermans

This article is brought to you in association with the European Commission.


Today the European Commission publishes its report on the second annual review of the functioning of the EU-U.S. Privacy Shield.

This year’s report shows thatthe U.S. continues to ensure an adequate level of protection for personal data transferred under the Privacy Shield from the EU to participating companies in the U.S. The steps taken by the U.S. authorities to implement the recommendations made by the Commission in last year’s report have improved the functioning of the framework.

However, the Commission does expect the US authorities to nominate a permanent Ombudsperson by 28 February 2019 to replace the one that is currently acting.  The Ombudsperson is an important mechanism that ensures complaints concerning access to personal data by U.S. authorities are addressed.

Andrus Ansip, Commission Vice-President for the Digital Single Market, said: “Today’s review shows that the Privacy Shield is generally a success. More than 3,850 companies have been certified, including companies like Google, Microsoft and IBM – along with many SMEs. This provides an operational ground to continuously improve and strengthen the way the Privacy Shield works. We now expect our American partners to nominate the Ombudsperson on a permanent basis, so we can make sure that our EU-US relations in data protection are fully trustworthy.”

Commissioner for Justice, Consumers and Gender Equality, Věra Jourová,stated: The EU and the U.S. are facing growing common challenges, when it comes to the protection of personal data, as shown by the Facebook / Cambridge Analytica scandal. The Privacy Shield is also a dialogue that in the long term should contribute to convergence of our systems, based on strong horizontal rights and independent, vigorous enforcement. Such convergence would ultimately strengthen the foundation on which the Privacy Shield is based. In the meantime, all elements of the Shield must be working at full speed, including the Ombudsperson.”

Improvements already made include the strengthening by the Department of Commerce of the certification process and of its proactive oversight over the framework. As recommended by the Commission’s first annual review, the Department of Commerce has set up several mechanisms, such as a system of checks (“spot checks”), which randomly selects companies to verify that they comply with the Privacy Shield principles. 100 companies have been checked: 21 had issues that have now been solved. Additional compliance review procedures also include the analysis of Privacy Shield participants’ websites to ensure that links to privacy policies are correct. The Department of Commerce put in place a system to identify false claims which prevents companies from claiming their compliance with the Privacy Shield, when they have not been certified.

The Federal Trade Commission has also demonstrated a more proactive approach to enforcement by monitoring the principles of the Privacy Shield, including by issuing subpoenas to request information from the participating companies.

As regards access to personal data by U.S. public authorities for national security purposes, new members of the Privacy and Civil Liberties Oversight Board (PCLOB) have been appointed which restores the Board’s quorum. The Board’s report on the implementation of Presidential Policy-Directive No. 28 (PPD-28, which provides for privacy protections for non-Americans) has been made publicly available. It confirms that these privacy protections for non-Americans are implemented across the U.S. intelligence community.

The second review took into account relevant developments in the U.S. legal system in the area of privacy. The Department of Commerce launched a consultation on a federal approach to data privacy to which the Commission contributed and the US Federal Trade Commission is reflecting on its current powers in this area. In the context of the Facebook/Cambridge Analytica scandal, the Commission noted the Federal Trade Commission’s confirmation that its investigation of this case is ongoing.

Next steps

The report will be sent to the European Parliament, the Council, the European Data Protection Board and to the U.S. authorities.

The European Commission expects the U.S. government to identify a nominee to fill the Ombudsperson position on a permanent basis by 28 February 2019 at the latest. If this does not take place by that date, the Commission will consider taking appropriate measures, in accordance with the General Data Protection Regulation.

Background

The EU-U.S. Privacy Shield decision was adopted on 12 July 2016 and the Privacy Shield framework became operational on 1 August 2016. It protects the fundamental rights of anyone in the EU whose personal data is transferred to certified companies in the United States for commercial purposes and brings legal clarity for businesses relying on transatlantic data transfers.

The Commission committed to reviewing the arrangement on an annual basis, to assess if it continues to ensure an adequate level of protection for personal data. After the first annual review, which took place in 2017, the Commission made a number of recommendations to further improve the practical functioning of the Privacy Shield.

On 18 October 2018, Commissioner for Justice, Consumers and Gender Equality Věra Jourová, launched with the US Secretary of Commerce Wilbur Ross the discussions for the second review the EU-U.S. Privacy Shield (statement). The findings in this report are based on meetings with representatives of all US government departments in charge of running the Privacy Shield, including the Federal Trade Commission, the Office of the Director of National Intelligence (ODNI), the Department of Justice and the State Department, which took place in Brussels mid-October 2018, a study on automated decision-making commissioned by the Commission as well as on input from a wide range of stakeholders, including feedback from companies and privacy NGOs. Representatives of the EU’s independent data protection authorities also participated in the review.

the sting Milestone

Featured Stings

Can we feed everyone without unleashing disaster? Read on

These campaigners want to give a quarter of the UK back to nature

How to build a more resilient and inclusive global system

Stopping antimicrobial resistance would cost just USD 2 per person a year

Brain drain 2017: why do medical students need to emigrate to become doctors in 2017?

‘Internal security’ or how to compromise citizens’ rights and also make huge profits

How can entrepreneurship tackle the migration crisis in the EU?

Vegetarianism is good for the economy too

Misinformation and growing distrust on vaccines, ‘dangerous as a disease’ says UNICEF chief

We have the tools to beat climate change. Now we need to legislate

Latest tragedy in the Mediterranean claims over 100 lives – UN refugee agency

European Youth Forum on Summit on Jobs and Growth

Why is Grexit again in the news? Who is to pay for Eurozone’s banking problems?

EU’s tougher privacy rules: WhatsApp and Facebook set to be soon aligned with telcos

To achieve the Great Reset, we will need more than just the actions of the powerful

Migration policy affects attractiveness of OECD countries to international talent

6 charts that show how Japan’s economy stacks up as it enters a new era

MEPs want to boost energy storage in the EU to help spur decarbonisation

DR Congo President and UN chief meet at a ‘historic moment’ for democracy in the country

EU budget: Commission proposes €1.26 billion to reinforce the European Solidarity Corps

Strengthen inclusion, participation of people with autism to ‘achieve their full potential’ says UN chief

Italian banks: It’s Rome’s turn to confront Berlin’s aggressiveness

Draghi strives to control the unruly exploitation of financial markets by banking leviathans

Eurozone: How safe are our deposits? Which banks will survive?

Europe enters uncharted waters with Kiev-Moscow standoff

Stakeholder capitalism is urgently needed – and the COVID-19 crisis shows us why

Growing up near green space is good for your mental health as an adult

Here’s how data could make our cities safer

New York and London mayors call on cities to divest from fossil fuels

‘Climate change is the battle of my life’, UN chief tells students living on the frontline in Fiji

UN chief ‘deeply saddened’ by Ethiopia plane crash which killed 157, including at least 21 UN workers

What little Cameron got in Brussels seems enough to keep Britain in the EU

Thailand gave healthcare to its entire population and the results were dramatic

Finland should do more to improve job prospects of low-skilled youth

Syria: Civilians caught in crossfire, UN refugee chief urges Jordan to open its border

5 steps businesses can take to protect air quality after COVID-19

One third of poorer countries face both undernutrition and obesity: WHO report

This is why retail is such a sore point in India-US trade relations

What matters most to young Europeans?

Only the Americans are unhappy with the ceasefire agreement in eastern Ukraine

Greece begins a new chapter following the conclusion of its stability support programme

ECB’s new money bonanza handed out to help the real economy or create new bubbles?

Digitalization is changing banking – These 3 trends will help shape its future

G20 LIVE: G20 Antalya Summit in Numbers, 15-16 November 2015

Amidst ‘high political tension’, UN chief appeals to G20 leaders for stronger commitment to climate action, economic cooperation

Air pollution, the ‘silent killer’ that claims seven million lives a year: rights council hears

How banking with blockchain can stamp out corruption and increase financial inclusion

Does the Erasmus program really contribute to the construction of a solid EU identity?

Why CEOs need to become activists in sustainability

The European Commission to stop Buffering

Tools of asset development: Renewable Energy Projects case

The blackened white coat of the doctors

UN says ‘many humanitarian achievements’, one year after ouster of ISIL from Mosul

Brexit must not put UK university research at risk

Volkswagen getting away with it in Europe

Energy: EU funding for priority projects should reflect 2050 climate objectives

Healthy habits to help you cope with health anxiety

‘End the ongoing atrocities’ against people with albinism in Malawi, say UN rights experts

How building renovations can speed up the electric vehicle revolution

The relation of deforestation and respiratory diseases

Deutsche Bank chased away from US, threatened with more fines

What does strategy have to do with a platform approach?

International Criminal Court acquits former president Gbagbo of war crimes in Côte d’Ivoire

How emerging markets will shape Africa in 2020

More Stings?

Advertising

Speak your Mind Here

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out /  Change )

Google photo

You are commenting using your Google account. Log Out /  Change )

Twitter picture

You are commenting using your Twitter account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )

Connecting to %s