EU US Privacy Shield Framework 2nd annual review: Per European Regulator, the European Data Protection Board (EDPB), the U.S. has made significant progress but some issues remain.

Progress includes: 

• Adapting the initial certification process to avoid inconsistencies between the Privacy Shield List and the representations made by the organizations on their websites
• Oversight and enforcement actions by the US Department of Commerce (DoC) and the FTC
• Further guidance by DoC for EU individuals and for US business

Outstanding issues include:

• Enforcement of compliance with the substance of the Privacy Shield principles
• Enforcement of “onward transfers” of personal information to third parties
• Clarification of Privacy Shield requirements regarding HR data
• Refinement of the re-certification process
• Addressing data subject rights
• Lack of guarantees on transfers for regulatory purpose in the field of medical context
• Lack of specific rules on automated decision making
• Overly broad exemption for publicly available information.

Details in the full text of the Second Annual Joint Review.