EU gives thumbs up to US data pact

The ECJ verdict came in the wake of whistleblower Edward Snowden's revelations of US-led mass surveillance programs.

According to EU justice commissioner Vera Jourova, who presented the first annual report on the agreement, the Shield is "working well" and continues to ensure an adequate level of protection for Europeans' personal data transferred to participating companies in the US.

"US authorities", said Jourova "are complying with their commitments" by putting in place necessary structures and procedures to ensure the correct functioning of the agreement - such as new redress possibilities for EU individuals, a complaint-handling and enforcement procedure and cooperation with the European Data protection authorities.

There are 2,400 companies - including Facebook, Microsoft, Google and Alphabet Inc - said Jourova, "that have been certified by the US Department of Commerce" so far. That is more "than what happened" during the 10 years during which "the previous agreement was in place".

Room for improvement

Nevertheless, the commissioner explained, some "room for improvements" is still called for, notably the need from the the US Department of Commerce for a tougher monitoring of the compliance of companies with its privacy rules.

Commission vice-president for the digital single market Andrus Ansip said "this first annual review demonstrates our commitment to create a strong certification scheme with dynamic oversight work."

In the coming months, the Commission will continue to to closely monitor the functioning of the Privacy Shield framework, including the US authorities' compliance with their commitments.

The Commission's report, represents a further step after the first annual joint review of the Shield, held in Washington in mid-September 2017 to ensure the United States lived up to its guarantees to better protect data EU data transferred across the Atlantic.

Privacy ombudsperson needed

Last month, commissioner Jourova had told journalists that she wanted the United States to nominate a qualified privacy ombudsperson - someone who, as decided in the Privacy Shield, would be able to deal with European citizens' complaints about US spying.

Major concerns were expressed by Jourova as regarding possible forthcoming changes within the US Foreign Intelligence Surveillance Act (FISA), that is up for renewal before the end of the year.

"Of course we are very concerned about what the new version of this act will mean for Privacy Shield" explained Jourova.

"I was very clear about our position that we do not want to see any changes which will go to the detriment of the protection of private data of Europeans so we will be watching this very closely in the coming weeks and months," she added.