Governance, Risk and Compliance, Americas, Breach, Content, EMEA, Europe

EU-U.S. Privacy Shield First Annual Joint Review Set for September 2017

On May 29, 2017, a high-level EU Commission official and Politico reported that the primary objective of the first annual joint review of the EU-U.S. Privacy Shield (“Privacy Shield”) is not to obtain more concessions from the U.S. regarding Europeans’ privacy safeguards, but rather to monitor the current U.S. administration’s work and steer U.S. privacy debates to prevent privacy safeguards from deteriorating. On March 31, 2017, the EU Commissioner for Justice, Věra Jourová, announced that the joint review will take place in September 2017.

The review will focus on two important points:

  • The EU Commission will verify that the key foundations of the Privacy Shield remain in place, in particular with respect to government access for national security reasons. The Commissioner recalled the importance of maintaining the protections provided under Presidential Policy Directive 28, as well as the Ombudsperson mechanism. In addition, the EU Commission will follow closely the debates around the reform of section 702 of FISA and the potential impact on Europeans’ personal data.
  • The EU Commission will also focus on day-to-day implementation and robust follow-up of the Privacy Shield by companies that have self-certified. In this context, the Department of Commerce will monitor the compliance of companies with the Privacy Shield principles on an ongoing basis, including through detailed questionnaires that companies will have to complete to identify issues that may require further follow‐up action.

Most recently, the European Parliament passed a Resolution on the adequacy of the protection afforded by the Privacy Shield, pointing out several weaknesses to be fixed in the upcoming review of the framework, including the lack of specific rules on automated decisions, the lack of a general right to object, the need for stricter guarantees on the independence and powers of the Ombudsperson mechanism, and the lack of concrete assurances with respect to bulk collection of data.

On the basis of the annual review, the EU Commission will issue a public report to the European Parliament and the Council.

Blog courtesy of Hunton & Williams LLP, U.S.-based law firm with a Global Privacy and Cybersecurity practice that's known throughout the world for its deep experience, breadth of knowledge and outstanding client service. Read the company's privacy blog here.