REPORT FROM THE COMMISSION TO THE EUROPEAN PARLIAMENT AND THE COUNCIL on the first annual review of the functioning of the EU–U.S. Privacy Shield Add 1: Commission staff working document accompanying the report
1. On 12 July 2016, the Commission adopted an adequacy decision (C(2016)4176 final) which approved the Privacy Shield, a new framework for EU-US personal data transfers for commercial purposes. Amongst other things it is designed to address the aspects of the safe harbor framework that the CJEU found to be deficient in Schrems. It imposes more specific and exacting measures on organisations that want to join the framework, and also includes additional mechanisms designed to make sure that the privacy rights of individuals in EU member states can be exercised when their data are being processed in the US. US companies may self-certify annually with the US Department of Commerce that they meet the Privacy Shield requirements.
2. Annexed to the adequacy decision document, which contains a detailed analysis of the Privacy Shield, are documents which comprise the Privacy Shield package, detailing the Privacy Shield Principles; transparency, oversight and enforcement arrangements; an ombudsperson mechanism for national security-related grievances; and safeguards and limitations, including written commitments and assurances from various US government bodies, including on limitations on accessing personal data for national security purposes. Among changes incorporated into the final agreement, and in line with articles 25 and 26 of the Data Protection Directive as interpreted by the CJEU in Schrems, it was established that the adequacy of the level of protection should be assessed regularly, considering the whole situation and legal practices: the new framework therefore also provides for an annual joint review of the Privacy Shield. The UK was a firm supporter of the Privacy Shield agreement being finalised and viewed it as a major step forward for restoring certainty and a stable legal footing for transatlantic data flows.