Even after the GDPR’s entry into force, the U.S. continues to ensure an adequate level of protection for personal data transferred from the EU to participating companies in the U.S.
On December 19, 2018, the EU Commission published its report on the second annual review of the functioning of the EU-U.S. Privacy Shield
. According to the report, the steps taken by the U.S. authorities to implement the recommendations made by the Commission in last year’s report have improved the functioning of the framework.
The U.S. therefore continues to provide an adequate level of protection for personal data transferred under the Privacy Shield from the EU to participating companies in the U.S. On the whole, the EU Commission considers the Privacy Shield framework a success.
Nevertheless, the report is not entirely free of criticism. For example, the EU Commission expects the U.S. authorities to nominate a permanent Ombudsperson by February 28, 2019. The Ombudsperson is an important mechanism that ensures complaints concerning access to personal data by U.S. authorities are investigated and addressed. This permanent Ombudsperson is to replace the currently acting Ombudsperson
appointed by the U.S. in September 2018 under pressure from the EU.Practical tip:
Until further notice, an adequate level of data protection (Art. 46 GDPR) for U.S. companies participating in the Privacy Shield continues to be ensured. Participation in the Privacy Shield thus remains an option for lawful data transfer to the U.S.