The European Commission has just published its first annual report on the operation of the EU-U.S. Privacy Shield, and we’re pleased the report recognizes that the Privacy Shield is operating well. With this review complete, companies can continue to rely with confidence on the Privacy Shield and its effectiveness in facilitating the free flow of data, which is essential in unlocking the full potential of cloud computing.
The Privacy Shield provides an important means to enable the transfer of personal data from the EU to the U.S. Workday was among the first of more than 2,400 companies to certify to the Privacy Shield framework in August 2016 and we just completed our recertification in August 2017. As part of the operation of Privacy Shield, there is a requirement for annual reviews by the European Commission in order to ensure that it is operating effectively and protecting personal data transferred pursuant to its terms.
As the European Commission’s report notes, the U.S. has put in place the structures and procedures needed for the Privacy Shield to function effectively. At Workday, we can attest to the thoroughness of the requirements that must be met to attain certification to the framework. As part of our most recent recertification with the U.S. Department of Commerce, we had TrustArc conduct a third-party assessment of our Privacy Shield program to verify that we continue to adhere to its requirements. Also, the Federal Trade Commission has notably stepped up Privacy Shield enforcement, while other important protections for personal data in the national security context, such as Presidential Policy Directive 28, remain in place.
We were encouraged to see in the report that the European Commission concluded that “the United States continues to ensure an adequate level of protection for personal data transferred under the Privacy Shield from the Union to organisations in the United States.”