Enforcement is increasing under the EU US Privacy Shield Framework for cross border transfer of personal data. A report published by European regulator, the European Data Protection Board (EDPB), lists enforcement initiatives by the Department of Commerce (DoC) and the FTC.
- On a quarterly basis the DoC conducts “false claims reviews” to identify organizations that have started but not finished an initial or re-certification or that did not submit their annual recertification.
- The DoC performs random web searches for false claims of participation in the program
- The DoC performed a sweep of 100 randomly chosen organizations.
- The DoC designated a person to follow the media and to do keyword searches to identify possible breaches of the Privacy Shield commitment.
- The DoC performs regular checks for broken links to the privacy policy on the Privacy Shield list.
- This year the FTC brought 5 new Privacy Shield cases.
- The FTC investigates Privacy Shield-related referrals (approximately 100).
- The FTC started to send Civil Investigation Demands (CIDs) proactively to monitor compliance with the Privacy Shield principles.
Details in the Second Annual Joint Review.