The European Commission has admitted that despite completing a yeer in operation, the EU- U.S. Privacy Shield still has a lot of room for improvement to better protect data belonging to EU residents.
The European Commission believes the EU- U.S. Privacy Shield has so far ensured an adequate level of protection to personal data of EU citizens.
The European Commision has completed the first annual review of the EU- U.S. Privacy Shield which is aimed at ensuring the protection of personal data of anyone in the EU transferred to companies in the U.S. for commercial purposes.
Following its review, the Commission expressed confidence in the privacy programme, stating that it 'continues to ensure an adequate level of protection for the personal data transferred from the EU to participating companies in the U.S.'
The Commission noted that U.S. authorities have implemented 'necessary structures and procedures' to ensure the functioning of the Privacy Shield and have also set up complaint-handling and enforcement procedures. At the same time, U.S. authorities are also cooperating with European Data protection authorities and so far, over 2,400 companies have been certified by the U.S. Department of Commerce.
However, the Commission also added that despite ensuring an adequate level of data protection, the Privacy Shield still needs some improvement to better protect consumer data and to gt rid of existing loopholes.
'Transatlantic data transfers are essential for our economy, but the fundamental right to data protection must be ensured also when personal data leaves the EU. Our first review shows that the Privacy Shield works well, but there is some room for improving its implementation,' said Věra Jourová, Commissioner for Justice, Consumers and Gender Equality.
'The Privacy Shield is not a document lying in a drawer. It's a living arrangement that both the EU and U.S. must actively monitor to ensure we keep guard over our high data protection standards,' she added.
Following the completion of its review, the Commission has published a list of recommendations which must be implemented to ensure smooth functioning of the Privacy Shield. These recommendations include the appointment of a permanent Privacy Shield Ombudsperson, and filling up of vacant positions at the Privacy and Civil Liberties Oversight Board (PCLOB).
The Commission has also called for more awareness-raising for EU individuals about how to exercise their rights under the Privacy Shield, closer cooperation between U.S. and European privacy enforcement agencies, more proactive monitoring of U.S. companies that handle data belonging to anyone in the EU, and ensuring the protection of non-Americans from fresh changes made in the Foreign Intelligence Surveillance Act.
Simon Migliano, Head of Research at Top10VPN.com, believes that the European Commission has offered little incentive for U.S. authorities to implement its recommendations. He added that the Commission has basically bowed down to U.S. economic and national security interests even though its longstanding privacy demands have not been met.
'The EC has failed to set any deadline for its demands for the appointment of key privacy personnel in the US, such as a permanent ombudsman and the filling of the Privacy and Civil Liberties Oversight Board, which is currently 80% vacant, despite first calling for them at the start of the year. Now that Privacy Shield has been signed off for another year, what incentive is there for the US to act?
'Consumers really ought to be aware that their data is flowing practically unimpeded across the Atlantic to the US, where there is no guarantee that companies and the intelligence agencies are paying anything more than lip service to strict EU privacy rules. If that makes anyone uncomfortable then they should be taking active steps to limit the amount of personal data collected,' he added.
He said that such steps should include boycotting US-based apps and using VPN networks at all times to keep online activities beyond the reach of U.S. jurisdiction until and unless U.S. authorities take concrete steps to respect the EU's strict privacy requirements.