The European Union and the United States have now conducted the second annual review of Privacy Shield, a framework which regulates and facilitates the exchange of personal data across the Atlantic. The European Commission will publish its conclusions in a report at the end of this month.
The EU-U.S. Privacy Shield mechanism
EU organisations that want to transfer personal data to recipients outside the EU/EEA must assess whether the recipient country ensures an adequate level of data protection. Privacy Shield imposes stronger obligations on U.S. companies to protect the personal data of individuals in the EU and to monitor, enforce and cooperate with the European data protection authorities to ensure adequacy.
On a voluntary basis, U.S. organisations can self-certify to the U.S Department of Commerce, publicly stating that they will comply with Privacy Shield requirements. A list of the certified organisations can be found here. Nearly 4,000 companies have now made legally enforceable commitments to comply with the framework since Privacy Shield went into effect in 2016.