On December 19, the EU Commission released its report on the second review of the EU-US Privacy Shield arrangement, the mechanism that allows for the transfer of data between the EU and the US. Overall, the Commission fins that the US authorities has taken steps to improve the functioning of the framework.
On January 24, the EU Data Protection Board gathering all EU data protection authorities announced that due to substantial shortcomings, the EU-US Privacy Shield risk could be struck down by the European Court of Justice later this year.
On December 20, 2018, the Department of Commerce updated its frequently asked questions on the EU-U.S. and Swiss-U.S. Privacy Shield Frameworks to clarify the effect of the UK’s planned withdrawal from the EU on March 29, 2019.
The FAQs provide information on the steps Privacy Shield participants must take to receive personal data from the UK in reliance on the Privacy Shield after such time.
Week ago the European Commission published its second annual review of the EU-U.S. Privacy Shield, finding that “the U.S. continues to ensure an adequate level of protection for personal data transferred under the Privacy Shield from the EU to participating companies in the U.S.” The decision preserves a key data transfer agreement, supporting transatlantic trade and ensuring meaningful privacy safeguards for consumers.
The European Commission’s second annual review of the Privacy Shield agreement made similar noises to last year’s, concluding the deal does the trick but could be better. It said the US ensures an adequate level of protection for personal data transferred under the deal, and has made some improvements, but progress is slow and there is more work to do.
The US has been told once again to appoint a permanent ombudsperson to oversee the deal governing transatlantic data flows, but this time has been given a deadline.
Despite the lack of a permanent ombudsperson, the European Commission confirmed on Wednesday that the Privacy Shield had passed its second annual review.
The US government has been given until the end of February next year to appoint a permanent ombudsperson to handle data protection complaints from EU citizens.
US Federal Trade Commission has given final approval to settlements with four companies over allegations that they falsely claimed certification under the EU-U.S. Privacy Shield framework, which establishes a process to allow companies to transfer consumer data from European Union countries to the United States in compliance with EU law.
As part of the proposed settlements with the FTC, all four companies are prohibited from misrepresenting the extent to which they participate in any privacy or data security program sponsored by the government or any self-regulatory or standard-setting organization, and must comply with FTC reporting requirements. In addition, VenPath and SmartStart must continue to apply the Privacy Shield protections to personal information they collected while participating in the program, protect it by another means authorized by the Privacy Shield framework, or return or delete the information within 10 days of the order.
Last month, the European Commission and U.S. Department of Commerce held their second annual joint review of the EU-U.S. Privacy Shield Framework. It revealed that European data subjects are simply not filing complaints under the Shield’s dispute resolution scheme. Why is it so?
Full article: Why so few Privacy Shield disputes?
Facebook’s unprecedented Supreme Court appeal aimed at halting a referral to the European Court of Justice (CJEU) concerning the validity of EU-US data transfer channels will be heard in January.
The court previously set a provisional hearing date of December 19th but, following a case management hearing on Thursday, has now fixed the case for January 21st.
The Federal Trade Commission (FTC) announced several enforcement actions in late 2017, on the eve of the first annual joint EU-U.S. review of the Privacy Shield Framework. Now the second annual review of the EU-U.S. Privacy Shield Framework is underway, and the FTC has announced several new enforcement actions, which are meant to highlight the importance of the framework and reaffirm the U.S.’s commitment to strong privacy enforcement.
Full article: EU-U.S. Privacy Shield Framework Joint Annual Review 2.0