EU-U.S. Privacy Shield Framework, 2nd annual review: According to the European regulator, the European Data Protection Board (EDPB), the U.S. has made significant progress, but some issues remain. Areas of progress include:
- Adapting the initial certification process to avoid inconsistencies between the Privacy Shield List and the representations made by the organizations on their websites
- Oversight and enforcement actions by the US Department of Commerce (DoC) and the FTC
- Further guidance by DoC for EU individuals and for US business
Outstanding issues include:
- Enforcement of compliance with the substance of the Privacy Shield principles
- Enforcement of “onward transfers” of personal information to third parties
- Clarification of Privacy Shield requirements regarding HR data
- Refinement of the re-certification process
- Addressing data subject rights
- Lack of guarantees on transfers for regulatory purposes in the medical context
- Lack of specific rules on automated decision making
- Overly broad exemption for publicly available information
Details in the full text of the Second Annual Joint Review.