Privacy Shield protects information

The first annual review of the functioning of the Privacy Shield was concluded and the report was published on October 18, 2017.

What did it cover?

The review covered all aspects of the Privacy Shield Framework including the implementation, administration, supervision and enforcement. It also looked at questions relating to the access of U.S. public authorities to personal data transferred under the Framework for public interest purposes, particularly national security.

Privacy Shield ensures an adequate level of protection

Overall the report shows that the Framework continues to ensure an adequate level of protection for personal data transferred from the EU to participating U.S. companies. The necessary structures and procedures have been put in place to ensure the correct functioning of the Framework.

Privacy Shield in numbers

The EU-U.S. Privacy Shield has been operational for 1 year.
2 400 companies have certified so far.
Approximately 20 new companies apply for certification each week.
3 enforcement actions have been brought by the FTC against companies for false claims of participation in the Framework.


The European Commission’s report makes recommendations for further improvements to ensure that the guarantees and safeguards provided in the Framework continue to function as intended.
The recommendations include:

  • Companies should not be able to publicly refer to their Privacy Shield certification before the certification is finalised.
  • The U.S. Department of Commerce should proactively and regularly conduct searches for false claims of participation in the Privacy Shield.
  • Participating companies should be subject to ongoing monitoring of compliance with the Privacy Shield Principles.
  • Awareness raising efforts should be strengthened.
  • Improve cooperation between enforcers.
  • The commission will commission a study on the relevance of automated-decision making for transfers carried out on the basis of the Privacy Shield.

If you’d like to know more about self-certification with the Privacy Shield Framework, let’s talk!

Please Share!