The European Commission gave “adequate” mark to the EU-US Privacy Shield agreement following the deal’s first annual review, but made a number of recommendations for improvement. The EU and the U.S. agreed on Privacy Shield in July 2016, replacing an earlier framework that the EU’s top court had struck down in October 2015 as insufficient after revelations in 2013 of mass spying by U.S. intelligence authorities.
“The U.S. authorities have put in place the necessary structures and procedures to ensure the correct functioning of the Privacy Shield,’’ the Commission said. However, the report noted a number of recommended improvements, including better monitoring of companies’ compliance, raising awareness for EU users about complaint procedures and closer co-operation between U.S. and EU authorities to enforce privacy, such as by developing guidance for companies and enforcers.
The Commission urged the United States to appoint a permanent Privacy Shield Ombudsperson and to ensure that the empty posts are filled on the Privacy and Civil Liberties Oversight Board (PCLOB). In addition, the Commission said it would welcome privacy protections for foreigners contained in a Presidential Policy Directive issued by former U.S. President Barack Obama being enshrined in Foreign Intelligence Surveillance Act (FISA).
The Commission will work with the U.S. authorities on the follow-up of its recommendations in the coming months. The Commission will continue to closely monitor the functioning of Privacy Shield framework, including the U.S. authorities’ compliance with their commitments.
The conclusion came as a relief to the more than 2,400 companies signed up for the framework, including Alphabet Inc’s Google, Facebook and Microsoft, especially since the Privacy Shield is already being challenged in court by privacy activists.