News Stream Books Videos Web Conferences Subscriptions Advertise About IAPP Publications
Daily Dashboard Daily Dashboard

The day’s top stories from around the world

 Privacy Perspectives Privacy Perspectives

Where the real conversations in privacy happen

 The Privacy Advisor The Privacy Advisor

Original reporting and feature articles on the latest privacy developments

 Privacy Tracker Privacy Tracker

Alerts and legal analysis of legislative trends

 Privacy Tech Privacy Tech

Exploring the technology of privacy

 Canada Dashboard Digest Canada Dashboard Digest

A roundup of the top Canadian privacy news

 Europe Data Protection Digest Europe Data Protection Digest

A roundup of the top European data protection news

 Asia-Pacific Dashboard Digest Asia-Pacific Dashboard Digest

A roundup of the top privacy news from the Asia-Pacific region

 Latin America Dashboard Digest Latin America Dashboard Digest

A roundup of the top privacy news from Latin America

 U.S. Privacy Digest U.S. Privacy Digest

A roundup of US privacy news
Overview KnowledgeNet Chapters Sections Affinity Groups Volunteer Annual Awards Member Directory Privacy List Career Central
Volunteer

Help improve the IAPP with your writing, speaking, or event planning talent. Get involved today!
Join the Privacy List

Have ideas? Need advice? Subscribe to the Privacy List. It’s crowdsourcing, with an exceptional crowd.

 Find a KnowledgeNet Chapter Near You

Talk privacy and network with local members at IAPP KnowledgeNet Chapter meetings, taking place worldwide.

 IAPP Job Board

Looking for a new challenge, or need to hire your next privacy pro? The IAPP Job Board is the answer.

 Member Directory

Locate and network with fellow privacy professionals using this peer-to-peer directory.
Privacy Training Classes Privacy Core Awareness CCPA Ready GDPR Training Sample Questions Books Web Conferences Faculty Resource Center Train Your Staff
Find a Privacy Training Class

Two-day privacy training classes are held around the world. See the complete schedule now.

 Get CCPA Ready

Demonstrate your commitment to CCPA compliance with IAPP certifications, plus CCPA online training and events bundled to meet your needs.

 Upcoming Web Conferences

See our list of upcoming web conferences. Just log on, listen in and learn!

 Train Your Team

Get your team up to speed on privacy by bringing IAPP training to your organization.

 Privacy Core® library delivers 30+ units

Train your entire global workforce with comprehensive online training available in multiple languages. Powered by OneTrust, developed by the IAPP.

 Online Privacy Training

Build your knowledge. The privacy know-how you need is just a click away.

 Training Product Updates—Get Them Here!

Training online? See the latest updates to our online training programs and our newest textbooks.

 Let’s Get You GDPR Ready Let’s Get You GDPR Ready

May 25 was not the end—it’s just the beginning. We have all the resources you need to meet the challenges of the GDPR.

New! - The Privacy Imperative

View this three-video series featuring global privacy leaders as they discuss the importance of creating a culture of privacy
Overview Certification Programs Get Certified How to Prepare Continuing Privacy Education (CPE) Fees Certify Your Staff Verify a Certification
CIPP Certification CIPP Certification

The global standard for the go-to person for privacy laws, regulations and frameworks

 CIPM Certification CIPM Certification

The first and only privacy certification for professionals who manage day-to-day operations

 CIPT Certification CIPT Certification

The industry benchmark for IT professionals worldwide to validate their knowledge of privacy requirements

 FIP Designation FIP Designation

Recognizing the advanced knowledge and issue-spotting skills a privacy pro must attain in today’s complex world of data privacy.

 Privacy Law Specialist Privacy Law Specialist

The first title to verify you meet stringent requirements for knowledge, skill, proficiency and ethics in privacy law, and one of the ABA’s newest accredited specialties.

 CIPP/E + CIPM = GDPR Ready CIPP/E + CIPM = GDPR Ready

The IAPP’S CIPP/E and CIPM are the ANSI/ISO-accredited, industry-recognized combination for GDPR readiness. Learn more today.
Tools Research Glossary DPAs FTC Casebook Enforcement Database IAPP Westin Research Center Jobs Vendors
GDPR Genius

This interactive tool provides IAPP members access to critical GDPR resources — all in one location.
Privacy Vendor List

Find a privacy vendor to meet your needs with our filterable list of global service providers.
California Consumer Privacy Act

Looking for the latest resources and guidance on the CCPA? IAPP members can get up-to-date information right here.
The 2019 Privacy Tech Vendor Report

We've updated the Privacy Tech Vendor Report highlighting companies offering privacy technology solutions and insight on market trends from industry leaders.
Are You Complying with the GDPR?

The IAPP's EU GDPR page collects the guidance, analysis, tools and resources you need to make sure you're meeting your obligations.
White Papers

Access all white papers published by the IAPP.
IAPP-EY Annual Governance Report 2019

Now in its fifth year, the IAPP-EY Privacy Governance Report has evolved over time, along with the privacy profession itself.
COPRA and CDPA: Similarities, Gray Areas and Differences

This white paper compares the Consumer Online Privacy Rights Act and Consumer Data Privacy Act bills.
IAPP Europe Data Protection Congress IAPP Europe Data Protection Congress

The hub of European privacy policy debate, thought leadership and strategic thinking with data protection professionals.

 IAPP CCPA Comprehensive Live Online IAPP CCPA Comprehensive Live Online

Join this two-day virtual broadcast featuring critical insights to help operationalize your commitment to CCPA compliance.

 IAPP Data Protection Intensives IAPP Data Protection Intensives

Choose from four DPI events near you each year for in-depth looks at practical and operational aspects of data protection.

IAPP Global Privacy Summit IAPP Global Privacy Summit

The world’s top privacy conference. Whether you work in the public or private sector, anywhere in the world, the Summit is your can't-miss event.

 IAPP Canada Privacy Symposium IAPP Canada Privacy Symposium

Mark your calendar to get early bird pricing when registration for Canada's top privacy event opens in February.

 IAPP Asia Privacy Forum IAPP Asia Privacy Forum

World-class discussion and education on the top privacy issues in Asia Pacific and around the globe.

IAPP Privacy. Security. Risk. (P.S.R.) IAPP Privacy. Security. Risk. (P.S.R.)

P.S.R. offers the best of the best in privacy and security, with innovative cross-education and stellar networking.

 IAPP ANZ Summit IAPP ANZ Summit

Delivering world-class discussion and education on the top privacy issues in Australia, New Zealand and around the globe.

Sponsor an Event

Increase visibility for your organization—check out sponsorship opportunities today.

Speak at an IAPP Event

View our open calls and submission instructions.
Individual Membership Corporate Membership Group Membership Student Membership
Become a Member

Start taking advantage of the many IAPP member benefits today

 Corporate Members

See our list of high-profile corporate members—and find out why you should become one, too

 Renew Your Membership

Don’t miss out for a minute—continue accessing your benefits

 ANZ Members

Review current member benefits available to Australia and New Zealand members
{[product.name]} {[ product.name ]}
clear
mode_editEdit
remove_circle_outline {[ getCartItemQuantity(product.id) ]} add_circle_outline
{[ product.price | currencyFilter ]}
TOTAL: {[ getCartTotalCost() | currencyFilter ]} Update cart for total shopping_basket Checkout

Europe Data Protection Digest | Notes from the IAPP Europe Managing Director, 20 October 2017 Related reading: Tech companies voice opposition to encryption backdoors at Senate hearing

rss_feed
PrivacyTraining_ad300x250.Promo1-01

Greetings from Brussels!

This week the European Commission published its first annual report on the functioning of the EU-U.S. Privacy Shield. As a reminder, the aim of the Shield is to protect and safeguard the personal data of anyone in the EU transferred to the U.S. for commercial purposes. As you may know, the European Commission last month conducted its first annual review and audit of the young framework to assess whether the U.S. has maintained its commitments and guarantees — failing which, the European Commission could suspend the Privacy Shield. After the Safe Harbour debacle, there was much at stake for the global economy.

The report summarizes both the strengths and perceived weaknesses of the framework as it stands. And, following one year in operation, the overall opinion showed that the Privacy Shield continues to ensure an adequate level of protection for the personal data transferred from the EU to participating companies in the U.S.

The EU reports that the U.S. authorities have implemented the necessary structures and procedures to ensure the correct functioning of the Privacy Shield, such as new redress possibilities for EU individuals. Complaint-handling and enforcement procedures have been set up, and cooperation with the European data protection authorities has been stepped up. The certification process is functioning well — more than 2,400 companies have now been certified by the U.S. Department of Commerce. As regards access to personal data by U.S. public authorities for national security purposes, relevant safeguards on the U.S. side remain in place. 

If you’ll recall, many of the protections put in place were by means of Presidential Policy Directive 28, signed by former U.S. President Barack Obama. EU Justice Commissioner Vera Jourová said, “The change of administration in the U.S. made this first annual review especially relevant.” Section 702 of the U.S. Foreign Intelligence Surveillance Act, which expires at the end of this year — unless it is reauthorized by the U.S. Congress — still allows U.S. authorities to snoop on EU citizens' email and other digital communications under certain conditions. “For us, the best-case scenario would be if the Congress considered enshrining the protections of data for non-U.S. citizens into this law,” Jourová said.

There were, however, several recommendations to address perceived weaknesses, including the Commission urging the United States to appoint a permanent Privacy Shield ombudsperson as soon as possible — a new office that was created to deal with complaints from EU citizens about U.S. spying, but which is currently only filled on an “acting” basis. In addition, the Commission requested that the U.S. ensure the empty posts are filled on the Privacy and Civil Liberties Oversight Board. The report also requests a more proactive and regular monitoring of companies' compliance with their Privacy Shield obligations by the U.S. Department of Commerce. Further, the U.S. Department of Commerce should also conduct regular searches for companies making false claims about their participation in the Privacy Shield.

In terms of next steps, the report will be sent to the European Parliament, the Council and the Article 29 Working Party, as well as to the U.S. authorities. The Commission will work with the U.S. authorities on the follow-up of its recommendations in the coming months. It goes without saying, the Commission will continue to closely monitor the ongoing functioning of Privacy Shield framework and maintain an open dialogue with the U.S. authorities with respect to their compliance with the commitments.

We should also expect an independent opinion from the WP29 now that the EU executive branch has released their findings. All in all, this is positive news for the more than 2,400 companies signed up to the framework, especially since the Privacy Shield and other alternative transfer mechanisms are already being challenged in European courts by privacy activists. This report may well have a bearing on those proceedings, the final outcome of which we will wait for with much interest.

Author
Paul Jordan Paul Jordan
Tags
EU
Comments

If you want to comment on this post, you need to login.

Related Stories
As global privacy laws evolve, so does the DPO
As data protection laws continue to be revised or are implemented around the world, the data protection officer becomes increasingly important to an organization. In this piece for The Privacy Advisor, Qian Li Loke, CIPP/A, CIPM, FIP, Christopher Schmidt, CIPP/E, CIPM, CIPT, and Luis Alberto Montezu...
Read More queue Save This
ENISA publishes report on pseudonymization
The European Union Agency for Cybersecurity has released "Pseudonymisation Techniques and Best Practices," a report that explores how to shape technology in accordance with data protection and privacy provisions. The report discusses how data protection, utility, scalability and recovery each carry ...
Read More queue Save This
Germany publishes GDPR implementation report
The Conference of Independent German Federal and State Data Protection Supervisory Authorities, Datenschutzkonferenz, has released its report on the application of the EU General Data Protection Regulation. "The GDPR has ensured that progress has been made on achieving the goals of improving the pro...
Read More queue Save This
Related Stories
Tags
EU
Recent Comments