The European Commission is urging federal privacy legislation in the U.S., saying it would “strengthen the protection of our citizens when their data is transferred abroad.”
The
advice appears in the second annual review of the U.S.-European Privacy Shield, a framework that allows U.S. firms to transfer data on European citizens if they provide certain protections. The Shield
is separate from the GDPR.
In a related development, Andrus Ansip, chief, technology for the EU, argues that the U.S. should appoint a privacy ombudsman, according to the U.S.
Industry News.
The U.S. Department of Commerce administers the certification process.
To date, 3,858 U.S. companies have registered with Privacy Shield in its first two years,
vs. the 4,000 that had signed up for its predecessor, the Safe Harbor, over 13 years
In addition, 2,100 had re-upped after the first year—a 93% rate.
In contrast, 38
companies have withdrawn from the Shield.
This year’s review reports that the Better Business Bureau, functioning as an independent recourse mechanism (IRM), has seen a sharp rise
in complaints related to the Privacy Shield this year.
The BBB received 525 complaints, up from 180 during the prior year. However, none was deemed eligible, meaning most were about
companies that had not chosen the BBB as its IRM, or were not Privacy Shield-certified.
Of the complaints received by the BBB, 101 came from the EU and Switzerland. Most were about
requests to remove personal data, or to unsubscribe.
Two complaints related to possible privacy violations were dropped when the filers were asked for more information.
In addition,
TrustArc received 301 complaints from EU individuals, of which only 30 were eligible Privacy Shield-related complaints.
In one pending procedural change, a company’s due data for
re-certification would now be 12 months from the date it submitted its request instead of 12 months from finalization.