The first review of Privacy Shield will take place in September of this year. The Privacy Shield program is administered by the International Trade Administration (ITA) within the U.S. Department of Commerce.
This announcement came from Vera Jourova, the Commissioner for Justice, Consumers and Gender Equality while on a recent visit to Washington D.C on the 31st of March 2017.
Privacy Shield aims to protect data that is transferred outside the European Union to the United States of America. We live in a world where data is transferred to and from other countries as a part of global trade; it is crucial that proper securities are in place to protect personal data of the citizens of the European Union.
Currently roughly 2000 American companies have signed up to Privacy Shield. Although signing up to Privacy Shield is voluntary, it is compulsory to comply with its principles once a company signs up. The list of companies that have agreed to adhere to Privacy Shield will remain public. Those who sign up:
(a) are subject to the investigatory and enforcement powers of the Federal Trade Commission (the "FTC"), the Department of Transportation or another statutory bodies of the United States of America that will effectively ensure compliance with the Principles (other U.S. statutory bodies recognized by the EU may be included as an annex in the future);
(b) publicly declare its commitment to comply with the Principles;
(c) publicly disclose its privacy policies in line with these Principles;
(d) fully implement the rules surrounding Privacy Shield.
Although Privacy Shield improves on the Safe Harbour framework, many still believe that it will not stand up in any court even after a variety of reassurances have been made by EU and US officials. The Civil Liberties group within the European Parliament voted last week to call Privacy Shield deficient and are highly critical of the remedies that are available to individuals if their data is abused on the other side of the Atlantic. They called on European data protection authorities to monitor Privacy Shield and to exercise their powers to suspend data transfers “if they consider that the fundamental rights to privacy and the protection of personal data of the Union's data subjects are not ensured”.
Another issue surrounding Privacy Shied is that US surveillance practices have now changed and the National Security Agency in the US has been granted the authority earlier this year to share data with other US agencies.
The nature and volume of the criticism reflects what seems to be an increasing distrust in the agreement. One can only hope that the forthcoming review in September restores some trust in Privacy Shield and will make data transfers abroad safer and more reliable.