The Article 29 Working Party (WP29) has issued a Press Release indicating it still has concerns about the Privacy Shield.  However it appears that the WP29 (consisting of representatives of the EU Data Protection Authorities) will refrain from challenging the Privacy Shield until after mid-2017. 

The WP29 highlighted that the US Department of Commerce and the European Commission, along with representatives of the EU DPAs, are due to conduct a joint review of the adequacy of the Shield, in mid-2017.  When participating in the review, the WP29 will assess if the safeguards provided under the EU-U.S. Privacy Shield are workable and effective.

The WP29’s concerns with the Privacy Shield include:

  • The lack of specific rules on automated decisions and lack of a general right to object;
  • It remains unclear how the Privacy Shield Principles shall apply to processors;
  • Stricter guarantees concerning the independence and the powers of the Ombudsperson mechanism were expected;
  • Although the US Office of the Director of National Intelligence has made a commitment not to conduct mass and indiscriminate collection of personal data, there is a lack of concrete assurances that such practice will not take place.

The US Department of Commerce announced that it has launched a new website that provides individuals and companies with additional information regarding the Privacy Shield.  The website provides information about complying with, and self-certifying to, the Privacy Shield’s principles. The Department began accepting certifications on 1st August 2016.