The first annual joint review of the EU-US Privacy Shield (Privacy Shield) has been conducted by authorities from the EU and the United States of America (US), including representatives from the European Commission (Commission) and the US Department of Commerce (DoC). The Privacy Shield is a current method by which personal data may be transferred from the EU to the US in compliance with EU data protection laws. It was established last year, following the invalidation in late 2015 of the EU-US Safe Harbour scheme, although formal concerns regarding its legitimacy have been raised this year on several occasions.

Following the review, the Commission has released a report detailing its findings and recommendations on the Privacy Shield. The report concludes that the US provides an adequate level of protection for personal data transferred under the Privacy Shield from the European Economic Area to the US.

The Commission, however, makes a number of recommendations, including that US companies should not be able to publicly refer to their Privacy Shield certification until the certification has been finalised by the DoC, the DoC should regularly conduct searches for false claims of participation, and enforcers (namely the DOC and the EU Data Protection Authorities) are to cooperate with each other in developing guidance on concepts such as accountability. The Commission has stated that it will work with the US authorities over the coming months to follow-up on the recommendations.

Click here to access the Commission’s news update from which the report can be downloaded.