Survivor: Privacy Shield

  • Privacy Shield protects information

The first annual review of the functioning of the Privacy Shield was concluded and the report was published on October 18, 2017.

What did it cover?

The review covered all aspects of the Privacy Shield Framework including the implementation, administration, supervision and enforcement. It also looked at questions relating to the access of U.S. public authorities to personal data transferred under the Framework for public interest purposes, particularly national security.

Privacy Shield ensures an adequate level of protection

Overall the report shows that the Framework continues to ensure an adequate level of protection for personal data transferred from the EU to participating U.S. companies. The necessary structures and procedures have been put in place to ensure the correct functioning of the Framework.

Privacy Shield in numbers

The EU-U.S. Privacy Shield has been operational for 1 year.
2 400 companies have certified so far.
Approximately 20 new companies apply for certification each week.
3 enforcement actions have been brought by the FTC against companies for false claims of participation in the Framework.


The European Commission’s report makes recommendations for further improvements to ensure that the guarantees and safeguards provided in the Framework continue to function as intended.
The recommendations include:

  • Companies should not be able to publicly refer to their Privacy Shield certification before the certification is finalised.
  • The U.S. Department of Commerce should proactively and regularly conduct searches for false claims of participation in the Privacy Shield.
  • Participating companies should be subject to ongoing monitoring of compliance with the Privacy Shield Principles.
  • Awareness raising efforts should be strengthened.
  • Improve cooperation between enforcers.
  • The commission will commission a study on the relevance of automated-decision making for transfers carried out on the basis of the Privacy Shield.

If you’d like to know more about self-certification with the Privacy Shield Framework, let’s talk!

About the Author:

Ilze Luttig Hattingh
Ilze is what can only be described as a common sense attorney (the Force is strong with her). She specialises in regulatory compliance, risk management and commercial contract law. She joined us in the beginning of 2016 when she got a bit tired of being an in-house legal advisor. Now she is an out-house legal advisor (she gets stuff sorted out). She finds simple, innovative and business-oriented solutions to compliance management problems. Ilze doesn’t write books, she reads them. Ilze likes the wind in her face when she is riding her bike or travelling the world. She’d love to learn how to make bread, Limoncello and a beautiful Bordeaux blend, and how to paint with oils. She also caught Elizabeth’s Lego bug (come to our offices and you will see). She dislikes people who use jargon like ‘big rocks’, ‘on-boarding’ and ‘this speaks to’. Paul often ‘puts things to her’ just for the reaction. She HATES tomatoes. Want to find out more about Ilze? Take a look at her LinkedIn profile, better yet contact her on or (021) 481 1827.