The Privacy Shield between the EU and the USA has passed its first test. Just over a year after its entry into force, Privacy Shield was subjected to an audit by the European Commission. The Commission summarizes the result of the audit in its Report from October 18 (PDF) as follows:
The annual review has demonstrated that the U.S. authorities have put in place the necessary structures and procedures to ensure the correct functioning of the Privacy Shield. The certification process has been handled in an overall satisfactory manner and more than 2400 companies have been certified so far. The U.S. authorities have put in place the complainthandling and enforcement mechanisms and procedures to safeguard individual rights. This includes also the new additional redress avenues for EU individuals such as the arbitration panel and the Ombudsperson mechanism. Regarding the latter, an Acting Ombudsperson was designated following the change of Administration in January 2017, whereas the nomination of a permanent Ombudsperson is pending. Cooperation with European data protection authorities has been stepped up. As regards access to personal data by public authorities for national security purposes, relevant safeguards on the U.S. side remain in place, notably those based on Presidential Policy Directive 28 issued in 2014 which sets out limitations and safeguards on use by national security authorities of personal data, regardless of nationality of the individual. In this context, it should also be noted that section 702 of the U.S. Foreign Intelligence Surveillance Act (FISA) is set to expire on December 31, 2017 and that reform proposals are under discussion in the U.S. Congress.
Details can be found in the Commission Staff Working Document SWD(2017) 344 final. This and other documents are available here.