EU US Privacy Shield Framework 2nd annual review: Per European Regulator, the European Data Protection Board (EDPB), the U.S. has made significant progress but some issues remain.

Progress includes: 

  • Adapting the initial certification process to avoid inconsistencies between the Privacy Shield List and the representations made by the organizations on their websites
  • Oversight and enforcement actions by the US Department of Commerce (DoC) and the FTC
  • Further guidance by DoC for EU individuals and for US business

Outstanding issues include:

  • Enforcement of compliance with the substance of the Privacy Shield principles
  • Enforcement of “onward transfers” of personal information to third parties
  • Clarification of Privacy Shield requirements regarding HR data
  • Refinement of the re-certification process
  • Addressing data subject rights
  • Lack of guarantees on transfers for regulatory purpose in the field of medical context
  • Lack of specific rules on automated decision making
  • Overly broad exemption for publicly available information.

Details in the full text of the Second Annual Joint Review.