On June 2, 2017, in preparation for the first annual review of the EU-U.S. Privacy Shield (“Privacy Shield”) framework, the European Commission has sent questionnaires to trade associations and other groups, including the Centre for Information Policy Leadership at Hunton & Williams LLP, to seek information from their Privacy Shield-certified members on the experiences of such organizations during the first year of the Privacy Shield. The EU Commission intends to use the questionnaire responses to inform the annual review of the function, implementation, supervision and enforcement of the Privacy Shield.
Among other focus areas, the questionnaire seeks information on how Privacy Shield-certified entities have:
- implemented policies, procedures and other measures to meet their Privacy Shield obligations and each of the Privacy Shield Principles;
- modified their business and contractual arrangements with third parties to ensure that the third parties appropriately protect the personal information they receive from Privacy Shield-certified organizations;
- addressed complaints (if any) from individuals whose personal information has been transferred pursuant to the Privacy Shield; and
- addressed the requirement to select an independent dispute resolution mechanism.
The questionnaire also asks for Privacy Shield-certified organizations’ views on:
- the issuance of transparency reports, pursuant to the USA Freedom Act, regarding U.S. authorities’ national security-related access requests;
- the extent to which personal information transferred pursuant to the Privacy Shield is used for automated decision-making in connection with decisions that might significantly affect individuals’ rights or obligations;
- developments in U.S. law that might affect the EU Commission’s assessment of the Privacy Shield; and
- challenges that such organizations have encountered in meeting the Privacy Shield’s requirements.
Responses to the questionnaire are due to the EU Commission by July 5, 2017.