The European Commission said its deal with the U.S. on transatlantic data flows has adequately secured transfers of Europeans' personal data from the EU to the U.S., more than a year since the pact was adopted in July 2016.
In its first annual review of the EU-U.S. Privacy Shield agreement, the commission expressed confidence that U.S. authorities have put in place the necessary safeguards on personal data access, as well as a new redress mechanism for privacy issues raised by European citizens.
The EC, however, said the agreement's implementation can still be improved. It recommended raising awareness among Europeans to exercise their rights under the treaty, as well as stricter monitoring of companies' compliance with their Privacy Shield obligations.
The commission is also pushing for further cooperation between the U.S. Department of Commerce, the U.S. Federal Trade Commission and EU data protection regulators on data privacy concerns. Furthermore, it called on the U.S. government to immediately appoint a permanent Privacy Shield ombudsperson, as well as to fill up empty seats on the U.S. Privacy and Civil Liberties Oversight Board.
"The Privacy Shield is not a document lying in a drawer. It's a living agreement that both the EU and U.S. must actively monitor to ensure we keep guard over our high data protection standards," EU Justice Commissioner Vera Jourová said.
The commission is expected to follow up with U.S. authorities on their recommendations within the coming months, while closely monitoring the U.S. authorities' compliance with their commitments under the agreement.
The Privacy Shield pact replaced the previous Safe Harbor agreement that was rendered invalid by the Court of Justice of the European Union. Tech giants such as Alphabet Inc. unit Google Inc., Facebook Inc. and Microsoft Corp. led other U.S. companies in signing up for the agreement.