First Annual Review of the EU-U.S. Privacy Shield

First Annual Review of the EU-U.S. Privacy Shield

The Privacy Shield is an arrangement for protecting the personal data of anyone in the EU when it is transferred to the U.S. for commercial purposes.

Yesterday the EU published its report on the adequacy of the EU-US Privacy Shield. As many Software Services are provided from US based organisations and data is therefore transferred from EU to US this is an important topic.

In general the outcome of the Commissions review is a positive one. It says that the Privacy Shield provides better monitoring and better ways for individuals to obtain redress.

However there is room for improvement, a few topics: US Companies should not be allowed to communicate to be certified unless the Department of Commerce process is finalised. These certified companies should be checked upon more regularly. A US ombudsperson should be appointed as well as an informal panel of DPAs to resolve complaints.

A more comprehensive update is found here: