EU US Privacy Shield Framework 2nd annual review: Per European Regulator, the European Data Protection Board (EDPB), the U.S. has made significant progress but some issues remain.
Progress includes:
-
Adapting the initial certification process to avoid inconsistencies between the Privacy Shield List and the representations made by the organizations on their websites
-
Oversight and enforcement actions by the US Department of Commerce (DoC) and the FTC
-
Further guidance by DoC for EU individuals and for US business
Outstanding issues include:
-
Enforcement of compliance with the substance of the Privacy Shield principles
-
Enforcement of “onward transfers” of personal information to third parties
-
Clarification of Privacy Shield requirements regarding HR data
-
Refinement of the re-certification process
-
Addressing data subject rights
-
Lack of guarantees on transfers for regulatory purpose in the field of medical context
-
Lack of specific rules on automated decision making
-
Overly broad exemption for publicly available information.
Details in the full text of the Second Annual Joint Review.
[View source.]
