The European Commission is urging federal privacy legislation in the U.S., saying it would “strengthen the protection of our citizens when their data is transferred abroad.”
The advice appears in the second annual review of the U.S.-European Privacy Shield, a framework that allows U.S. firms to transfer data on European citizens if they provide certain protections. The Shield is separate from the GDPR.
In a related development, Andrus Ansip, chief, technology for the EU, argues that the U.S. should appoint a privacy ombudsman, according to the U.S. Industry News.
The U.S. Department of Commerce administers the certification process.
To date, 3,858 U.S. companies have registered with Privacy Shield in its first two years, vs. the 4,000 that had signed up for its predecessor, the Safe Harbor, over 13 years.
In addition, 2,100 had re-upped after the first year—a 93% rate.
In contrast, 38 companies have withdrawn from the Shield.
This year’s review reports that the Better Business Bureau, functioning as an independent recourse mechanism (IRM), has seen a sharp rise in complaints related to the Privacy Shield.
The BBB received 525 complaints, up from 180 during the prior year. However, none was deemed eligible, meaning most were about companies that had not chosen the BBB as their IRM, or were not Privacy Shield-certified.
Of the complaints received by the BBB, 101 came from the EU and Switzerland. Most were about requests to remove personal data, or to unsubscribe.
Two complaints related to possible privacy violations were dropped when the filers were asked for more information.
In addition, TrustArc received 301 complaints from EU individuals, of which only 30 were eligible Privacy Shield-related complaints.
In one pending procedural change, a company’s due date for re-certification would now be 12 months from the date it submitted its request instead of 12 months from finalization.