From an EDPB Post:
The EDPB adopted its report on the third Annual Joint Review of the EU-US Privacy Shield. In the report, the EDPB welcomes the efforts made by the U.S. authorities to implement the Privacy Shield, especially regarding ex officio oversight and enforcement actions on the commercial aspects, as well as the appointments of the last missing members of the Privacy and Civil Liberties Oversight Board (PCLOB) and of a permanent Ombudsperson.
However, a number of concerns still need to be addressed. The Board points out that substantial compliance checks with the substance of the Privacy Shield’s principles remain concerning. Other areas that require further attention are the application of the Privacy Shield requirements regarding onward transfers, HR data and processors, as well as the recertification process. More generally, the members of the Review Team would benefit from broader access to non-public information, concerning commercial aspects and ongoing investigations.
As regards the collection of data by public authorities, the EDPB encourages the PCLOB to issue and publish further reports, among others to provide an independent assessment of surveillance programmes conducted outside the US territory, while data are undergoing transfer from the EU to the US. The Board reiterates that its security-cleared experts remain ready to review further documents and discuss additional classified elements.
While the EDPB welcomes the new elements provided during this year’s review, the EDPB still cannot conclude that the Ombudsperson is vested with sufficient powers to access information and remedy non-compliance.
Direct to Complete News Release
Direct to Full Text Report