International Data Transfer Framework: Privacy Shield First Review

The EU-U.S. Privacy Shield international data transfer framework had its first annual review, and the highlights are included below.

Andrus Ansip, Commission Vice-President for the Digital Single Market, said,


“The Commission stands strongly behind the Privacy Shield arrangement with the U.S. Making international data transfers sound, safe and secure benefits certified companies and European consumers and businesses, including EU SMEs.


This first annual review demonstrates our commitment to create a strong certification scheme with dynamic oversight work.”

Privacy Shield Ensures Adequate Protection for Personal Data Transfers

Overall, the report shows that European Commission (EC) feels that the Privacy Shield ensures an adequate level of protection for the personal data transferred from the EU to participating companies in the U.S.privacy shield first review

Over 2,400 companies have now been certified by the U.S. Department of Commerce.

In addition to reaffirming their support of Privacy Shield, the EC made several recommendations to further improve the functioning of the Privacy Shield, which include:

    • More proactive and regular monitoring of companies’ compliance with their Privacy Shield obligations by the U.S. Department of Commerce, including regular searches by the US Department of Commerce for companies making false claims about their participation in the Privacy Shield;
    • Increased awareness-raising for EU individuals about how to exercise their rights under the Privacy Shield, notably on how to lodge complaints;
    • Closer cooperation between privacy enforcers i.e. the U.S. Department of Commerce, the Federal Trade Commission, and the EU Data Protection Authorities (DPAs);
    • Enshrining the protection for non-Americans offered by Presidential Policy Directive 28 (PPD-28), as part of the ongoing debate in the U.S. on the reauthorization and reform of Section 702 of the Foreign Intelligence Surveillance Act (FISA); and
    • The appointment of a permanent Privacy Shield Ombudsperson, as well as filling empty posts on the Privacy and Civil Liberties Oversight Board (PCLOB).

Read the press release.

TrustArc Solutions for EU-U.S. Privacy Shield

We offer three separate packages to support companies in preparing for compliance with the EU-U.S. Privacy Shield Principles ahead of self-certification with the U.S. Department of Commerce.

Assessment and Verification Packages to help companies assess their policies and practices against the Privacy Shield Principles.

These two packages include assessing practices related to non-HR data, HR/employee data or both.

In addition, there’s a Dispute Resolution Package, to help companies meet the requirements under Privacy Shield for having an independent dispute resolution mechanism in place to efficiently manage privacy inquiries from customers or relating to non-HR data.

TrustArc TRUSTe APEC CBPR certificationCompanies purchasing the Dispute Resolution Package to manage privacy related questions or concerns would be authorized to display the Powered by TRUSTe Privacy Feedback Button on their digital Privacy Policy page linking to a mechanism for consumers to submit privacy-related questions or feedback.

The TRUSTe assessment and verification packages for Privacy Shield are delivered and managed by a team of privacy professionals using our proprietary assessment methodology that is powered by TrustArc Assessment Manager.

TrustArc’s award-winning, SaaS-based, privacy technology platform provides interactive compliance reviews, centralized on-demand reporting, and searchable audit trails.

Questions About Privacy Shield?

Learn more about the Schrems-II decision, SCC’s, and privacy shield.