European Union officials want more people to complain about Privacy Shield, the exemption to European Union data protection law that allows businesses to export personal information to the U.S. for processing.
Businesses making billions of dollars' worth of transatlantic data transfers are believed to rely on Privacy Shield, which was introduced last year to replace the Safe Harbor Agreement overturned by the European Court of Justice in 2015.
Its provisions include procedures for EU citizens concerned about U.S. companies' treatment of their personal information to complain to the company concerned, a dispute resolution body, or data protection authorities in the U.S. or in their home country.
But one year into the agreement, "There have been practically no complaints" even though the personal information of tens or hundreds of millions of people has been transferred to the U.S., European Commissioner for Justice Věra Jourová said Wednesday.
Some might consider that a good sign, but Jourová warned: "We should not be complacent. It may be that people lack information about how to complain."
Jourová was presenting the European Commission's first annual review of U.S. authorities' compliance with Privacy Shield's requirements. The report will now be sent to the EU's Parliament and Council, the so-called Article 29 Working Group of European data protection agencies, and to U.S. authorities.
The report calls for the U.S. Dept. of Commerce to improve its monitoring of companies' compliance with Privacy Shield requirements.
Jourová recognized that compliance monitoring had had to take a back seat to the registration of new companies during the first year, but said this needed to change.
She also called for the Commerce Dept. to seek out companies making false claims about their compliance.
Regarding the small number of complaints received from citizens, Jourová encouraged national data protection authorities to publicize the options open to European citizens to lodge complaints and defend their own data.
There's one area in which complaints can't yet be processed: The U.S. is supposed to appoint a permanent Privacy Shield Ombudsperson to deal with requests from EU citizens regarding access to their data by U.S. security agencies. One year on, the post is still vacant, as are four of the five seats on the U.S. Privacy and Civil Liberties Oversight Board. Jourová called for these posts to be filled as soon as possible.
Overall, though, Jourová was positive about the future of Privacy Shield. Although it might still face a legal challenge similar to the one that brought down the Safe Harbor Agreement, she said she is confident it will withstand court scrutiny.
And the election of a new U.S. president -- and with him the arrival of a new U.S. administration -- in the year since Privacy Shield was introduced is not causing problems, according to Jourová.
"I had a very good relationship with the people negotiating Privacy Shield on President Obama's administration. I have wondered whether we can continue based on this spirit of trust," she said.
After two meetings with U.S. Secretary of Commerce Wilbur Ross, though, "I am positive about the approach of the American administration. My second visit dispelled my doubts about whether America First means America Only, which would be bad news for the EU," she said.
Join the CIO New Zealand group on LinkedIn. The group is open to CIOs, IT Directors, COOs, CTOs and senior IT managers.