The Article 29 Working Party (WP29) of EU data protection authorities issued a recommendation on Nov. 28 to increase the level of personal data protection provided by the Privacy Shield framework. Failure to follow the WP29 directive will result in these authorities challenging the validity of the Privacy Shield adequacy decision before courts — potentially leading to U.S. companies losing their certification under the Privacy Shield, and having to freeze data flows and implement other means to legally import personal data from the EU.
However, the WP29 has identified a number of significant concerns that need to be addressed by both the Commission and the U.S. authorities. Therefore the WP29 calls upon the Commission and the U.S. competent authorities to restart discussions. An action plan has to be set up immediately in order to demonstrate that all these concerns will be addressed. In particular the appointment of an independent Ombudsperson should be prioritized and the rules of procedure be further explained including by declassification. PCLOB members as well should be appointed. Those prioritized concerns need to be resolved by 25 May 2018.
The WP29 expects the remaining concerns to be addressed at the latest at the second joint review.
In case no remedy is brought to the concerns of the WP29 in the given time frames, the members of WP29 will take appropriate action, including bringing the Privacy Shield Adequacy decision to national courts for them to make a reference to the CJEU for a preliminary ruling.
Read more in the full report: https://iapp.org/media/pdf/resource_center/Privacy_Shield_Report-WP29pdf.pdf