The Department of Commerce issued an update to explain how it has supported the E.U.-U.S. and Swiss-U.S. Privacy Shield frameworks. As we have written previously, the Shield gives E.U. companies a basis under which it can send personal data to entities in the U.S. The comments from Commerce come after the Europeans raised concerns about the sufficiency of the program, which gets re-evaluated annually.
Some of the measures Commerce pointed to that it has implemented include a more rigorous reviews of corporate privacy policies and requiring companies to delay public representations of Privacy Shield participation until the Department of Commerce’s review process is complete. Commerce also stated that it is conducting more monitoring of companies, and is strengthening enforcement. In addition, the update calls for the appointment of a Privacy Shield Ombudsperson with whom consumers can raise concerns about corporate use of their information.
Putting it Into Practice: These comments from the Department of Commerce show that they recognize that Privacy Shield is under scrutiny as we come into the final few days prior to GDPR implementation.