EU – U.S. Privacy Shield – First annual Joint Review
The appointment of an independent Privacy Shield Ombudsperson to safeguard the flow of data between the European Union and the United States is the main demand of the European Union data protection authorities mentioned in the report after the first annual review of the Privacy Shield.
Back in 2016, when the European Commission adopted the Privacy Shield documents governing the principles of transatlantic data flows, EU personal data protection authorities gathered in the Article 29 Working Party indicated that although this solution should be considered a significant step towards the introduction of EU standards for personal data protection in transatlantic relations, they also said that some issues still seem unclear and require clarification. However, it was considered that the introduction of the possibility of an annual review of the program's operation gives hope for further modification of the program, so that it fully reflects the standards of personal data protection applicable in the European Union.
Dialogue is necessary as issues still remain
The first review was carried out in September 2017 and it revealed the existence of many important problems that will have to be analyzed by the European Commission and the US authorities. That is why the Article 29 Working Party appealed to them to restart the dialogue. At the same time, the Article 29 Working Party indicated that in order to be sure that each of these problems would be resolved, a detailed action plan should be drawn up.
Appointment of an independent body is a priority
Appointing an independent Privacy Shield Ombudsperson was considered a priority, which would effectively deal with complaints of data subjects, including the possibility of directly checking whether and what data of the complainant are processed by a given entity. In addition, said Ombudsperson should be able to enforce his decisions realistically, including as to order removal or termination of personal data processing.
In the opinion of the Article 29 Working Party, this issue should be regulated before May 25, 2018, as well as the appointment of the members of the Civil Liberties Oversight Board. Further issues, mentioned in the report, should be resolved by the next annual review at the latest.
Failure to act may result in a court
The Article 29 Working Party warned that if its concerns are not taken into account within the specified time period, the members of the Group will take appropriate steps to change the situation. One of them may be questioning the legality of the Privacy Shield in national courts in order to obtain a preliminary ruling from the EU Court of Justice.