On 23 October 2019 the European Commission published a report on the third annual review on the functioning of the EU-U.S. Privacy Shield. The report states that the U.S. continues to ensure an adequate level of protection for personal data transferred under the Privacy Shield from the EU to participating companies in the U.S. Today approx. 5,000 companies are participating in this EU-U.S. data protection framework.
The report assesses the recent improvements of the Privacy Shield, such as the process of the necessary oversight carried out by the U.S. Department of Commerce, the enforcement actions, the appointment of the permanent Ombudsperson or the redress mechanisms.
Beside the assessment of the recent improvements, the Commission also recommends certain steps to be taken to better ensure the effective functioning of the Privacy Shield in practice. The report highlights the importance of strengthening the (re)certification process for companies who want to participate in the EU-U.S. Privacy Shield by shortening the time of such (re)certification process. The report also recommends to expand compliance checks and to develop additional guidance for companies related to human resources data.
The EU-U.S. Privacy Shield decision was adopted on 12 July 2016 and the Privacy Shield framework became operational on 1 August 2016. It protects the fundamental rights of anyone in the EU whose personal data is transferred to certified companies in the United States for commercial purposes. The Commission reviews the Privacy Shield on an annual basis in order to assess if it continues to ensure an adequate level of protection for personal data.