EU Entities can continue to transfer personal data within the Privacy Shield framework
Posted - 09.03.2020
According to the European Commission’s report, the EU-U.S. Privacy Shield continues to ensure an adequate level of protection for personal data transferred to certified U.S. companies, as listed by the U.S. Department of Commerce. As a reminder, the Privacy Shield decision has been operational since 1 August 2016 and is subject to annual reviews by the European Commission, which took place respectively in September 2017 and October 2018 and 2019.
The third annual review (2019) highlights the improvements in the functioning of the Privacy Shield framework, which as of today include more than 5,000 U.S. companies. The European Commission still concludes that additional concrete steps need to be taken to ensure better functioning in practice, including timing for the re-certification process during which U.S. companies remain on the Privacy Shield “active” list, the pro-active monitoring of the U.S. companies on more substantive obligations, such as the accountability for onward transfer principles, enlarging the scope of search for detecting false claims, and the development of guidance regarding the processing of human resources data.
This may also interest you :