The first annual review of the EU-U.S. Privacy Shield (“Privacy Shield”) is scheduled to occur in September 2017 in Washington, D.C. The first review is particularly important for the nascent framework, as regulators in both the U.S. and the EU are expected to closely scrutinize the operation of the first year of the Privacy Shield, address concerns that have been raised, and seek to ensure that the Privacy Shield is well positioned to continue operating as a valid legal basis for transfers of personal data from the EU to the U.S.
Under the Privacy Shield, an “Annual Joint Review” is conducted by the U.S. Department of Commerce (“Commerce”) and the European Commission (“Commission”), with participation by the FTC, EU data protection authorities and representatives of the Article 29 Working Party, and “other departments and agencies involved in the implementation of the Privacy Shield,” including the U.S. Intelligence Community and the Privacy Shield Ombudsperson for matters pertaining to national security. Regulators have also indicated that they plan to solicit and incorporate feedback and comments from other Privacy Shield stakeholders as part of the review process, including from self-certified companies and other interested organizations.
Although this is the first annual review, it is important to note that the Privacy Shield has already been the subject of intense public scrutiny. The draft text of the framework was released in February, several months prior to the final release in July, and a number of stakeholders took the opportunity to comment on the text, leading to several revisions designed to improve and strengthen the Privacy Shield.
Continue Reading First Annual Privacy Shield Review Will Comprehensively Assess the Framework