On October 18, the European Commission (Commission) released its first annual review of the E.U.-U.S. Privacy Shield (Privacy Shield) framework for transatlantic data transfers, citing the Privacy Shield “ensures an adequate level of protection for personal data,” but “there is some room for improving its implementation.” In the report, the Commission’s findings and conclusions cover topics including: (i) redress options for EU individuals; (ii) complaint handling and enforcement procedures to “safeguard individual rights”; (iii) cooperation with European Data protection authorities; and (iv) the process for certifying companies under the Privacy Shield. However, the report also makes recommendations for improvement, such as (i) increasing U.S. oversight into whether U.S. companies are complying with the Privacy Shield’s requirements to protect European’s personal data; (ii) conducting regular reviews to ensure companies are not making false claims about their participation in the Privacy Shield; and (iii) establishing a closer means of communication between “privacy enforcers” to develop guidance.

Acting FTC Chairman Maureen K. Ohlhausen commented on the Commission’s review: “Enforcing international privacy frameworks such as Privacy Shield is an integral part of our Privacy and Data Security program, as highlighted in three recently announced Privacy Shield enforcement actions. We look forward to continuing to work with our European counterparts to ensure that the Privacy Shield remains a robust mechanism for protecting privacy and enabling transatlantic data flows.” (See InfoBytes coverage of the three FTC enforcement actions here, and refer here for previous InfoBytes coverage of the Privacy Shield.)