EU Entities can continue to transfer personal data within the Privacy Shield framework
- Articles and memoranda
- Posted 09.03.2020
For an outlook of the latest development as at July 2023 in relation to transfers to the US, please read our article about the New EU adequacy decision allowing personal data transfers to US self-certified entities!
According to the European Commission’s report, the EU-U.S. Privacy Shield continues to ensure an adequate level of protection for personal data transferred to certified U.S. companies, as listed by the U.S. Department of Commerce. As a reminder, the Privacy Shield decision has been operational since 1 August 2016 and is subject to annual reviews by the European Commission, which took place respectively in September 2017 and October 2018 and 2019.
The third annual review (2019) highlights the improvements in the functioning of the Privacy Shield framework, which as of today include more than 5,000 U.S. companies. The European Commission still concludes that additional concrete steps need to be taken to ensure better functioning in practice, including timing for the re-certification process during which U.S. companies remain on the Privacy Shield “active” list, the pro-active monitoring of the U.S. companies on more substantive obligations, such as the accountability for onward transfer principles, enlarging the scope of search for detecting false claims, and the development of guidance regarding the processing of human resources data.
This may also interest you :
- Schrems II case: EU to U.S. transfers of personal data challenged
- Data Protection - Consequences of a no-deal Brexit on personal data transfers to the UK
- CJEU invalidates the Privacy Shield: implications for EU-US personal data transfers
- EDPB's FAQ about the invalidation of the Privacy Shield
- EDPB Recommendations 01/2020 and 02/2020 on transfers of personal data after Schrems II