BEERG: EU Commission Makes Recommendations to EU-U.S. Privacy Shield

October 27, 2017

The EU Commission recommended ten adjustments to the EU-U.S. Privacy Shield even as it reaffirmed the adequacy of the program in its first annual Privacy Shield report. These include:

  • More proactive and regular monitoring of companies' compliance with their Privacy Shield obligations by the U.S. Department of Commerce, including regular searches for companies making false claims about their participation in the Privacy Shield.

  • More awareness-raising for EU individuals about how to exercise their rights under the Privacy Shield, notably on how to lodge complaints.

  • Enshrining the protection for non-Americans offered by Presidential Policy Directive 28 (PPD-28), as part of the ongoing debate in the U.S. on the reauthorization and reform of Section 702 of the Foreign Intelligence Surveillance Act (FISA).

  • To commission a study to collect factual evidence and further assess the relevance of automated decision-making for transfers carried out on the basis of the Privacy Shield.
BEERG Executive Director Tom Hayes notes in the most recent BEERG Global Labor Newsletter, "It is the final point in the list above, on automated decision making, i.e., bulk processing, which may prove the single most significant one.  Not only will bulk processing be affected by the GDPR—which comes into effect in just 7 months time—it is worth remembering that it was this specific issue: the bulk/automated processing of the data of EU citizens in the U.S., which led to the scuppering of the old Safe Harbour arrangement via the Patriot Act, the Snowden revelations, and the Schrems' case."  Read the full BEERG Newsletter.  Read Tom Hayes' latest Brexit Blog.