Today, U.S. Secretary of Commerce Wilbur Ross and EU Commissioner for Justice, Consumers, and Gender Equality Věra Jourová made the following statement regarding the third annual joint review of the EU-U.S. Privacy Shield Framework:
“Senior officials from the United States Government, the European Commission, and EU data protection authorities gathered in Washington, DC on 12 and 13 September to conduct the third annual joint review of the EU-U.S. Privacy Shield Framework. The broad and senior level participation from both sides underscored the shared and longstanding commitment of the United States and the European Union to the Framework.
The U.S. Department of Commerce hosted the two-day review, which covered all aspects of the functioning of the Privacy Shield Framework from its administration and enforcement to broader U.S. legal developments regarding matters related to commercial data protection and national security data access. The review benefited from input from Privacy Shield participants and civil society stakeholders.
Privacy Shield ensures that participating companies and relevant government authorities provide a high level of protection for the personal data of EU individuals. Since the Framework's implementation on 1 August 2016, more than 5,000 companies have made public and legally enforceable pledges to protect data transferred from the EU in accordance with the Privacy Shield Principles. The rapid and continued growth of the program demonstrates Privacy Shield's vital role in protecting personal data and contributing to the $7.1 trillion economic relationship between the United States and Europe.
The EU and U.S. welcomed the appointment of several key U.S. officials with Privacy Shield responsibilities. The United States Senate confirmed two additional members to the independent, bipartisan U.S. Privacy and Civil Liberties Oversight Board, as well as Keith Krach, who in his Under Secretary role at the U.S. Department of State serves as the Privacy Shield Ombudsperson.
EU and U.S. officials both stressed the need for strong and credible enforcement of privacy rules to protect our citizens and ensure trust in the digital economy. As provided for in the Framework, the Department of Commerce will revoke the certification of companies that do not comply with Privacy Shield's vigorous data protection requirements.
The European Commission will publish a report on the functioning of the Privacy Shield. This report will conclude this year's review process.”
Operational since 1 August 2016, the EU-US Privacy Shield protects personal data transferred from the EU to the U.S. for commercial purposes. It brings also legal clarity for businesses relying on the transmission of personal data across the Atlantic. By now, more than 5000 companies are certified under the Privacy Shield and thereby committing to comply with the data protection requirements.
As agreed at the time of its launch, the EU-US Privacy Shield is reviewed on a yearly basis, to assess that it continues to ensure an adequate level of protection of personal data. On 12 September 2019, Commissioner for Justice, Consumers and Gender Equality Věra Jourová, launched with the US Secretary of Commerce Wilbur Ross the discussions over the third annual review of the EU-U.S. Privacy Shield. The reports on the first and second review can be found here. The report of the third review will be made available at a later stage.