The take-up for the Safe Harbor framework was also slow back in 2000, much slower in fact, but back then companies were still discovering that they had compliance obligations under the EU Data Protection Directive and the program was quite novel, with considerable uncertainty attached to it. These conditions don’t apply today, but there are new inhibiting factors at play: (a) a gap of some nine months since the Safe Harbor adequacy decision was invalidated by the Court of Justice of the European Union, forcing many companies to switch to and settle into other transfer mechanisms, such as model contracts; and (b) continuing uncertainty about whether Privacy Shield will withstand the legal challenges likely to be brought against it by citizens or DPAs such as Hamburg's Johannes Caspar. Nevertheless, Privacy Shield remains the only game in town for a large number of companies, making it very likely that the number of participants will swell, even if the mechanism proves to be only a temporary solution. According to an August 16 press release, TRUSTe is working with over 500 companies to assess and verify compliance with the new requirements for Privacy Shied.
Increased numbers of submissions can be expected by September 30, the last day to take advantage of an official grace period to bring contractual relationships with third parties into alignment with Privacy Shield requirements. However unfair and unjustifiable this grace period may be, companies submitting certifications after that date will have to attest that they have such relationships in order as of the date of filing.