On October 23, 2019, the European Commission (EC) released its report on a third annual review of the EU-U.S. Privacy Shield. While the report confirms that the U.S. continues to provide an adequate level of protection for personal data transfers in the context of the Privacy Shield, there are some gaps between the expectations of the EC and U.S. authorities, particularly in relation to the lack of transparency concerning U.S. enforcement activities and a lack of co-operation between regulators. You can read our summary on the report via this link.
On Thursday, January 9, 2020, members of the Parliament’s Committee on Civil Liberties, Justice and Home Affairs (LIBE) met representatives of the EC and European Data Protection Board to discuss the EC’s 2019 report on the Privacy Shield (link accessible here). An interesting question was raised: Would it be possible for the EC to recognize a single state, e.g., a U.S. state such as California, as an adequate territory for transfers of personal data?