- Continued U.S. bulk surveillance of Europeans, in violation of the Schrems ruling by the CJEU
- The viability of redress mechanisms, which are all U.S.-based
- The lack of an independent oversight by the U.S. ombudsman
- Data retention provisions
The vote by the LIBE committee passed by a narrow margin of 29 to 25. The resolution is expected to be taken up by the full EU Parliament during the first week of April.
Earlier, the U.S. Dept. of Commerce administrator for the Privacy Shield framework, Catlin Fennessy, stated at a recent IAPP seminar in London that over 1800 companies had certified compliance with the Privacy Shield framework, with another 300 companies in the pipeline. Confirming an earlier analysis by HR Privacy Solutions, Fennessy reported that participants are largely small-to-medium-sized enterprises, with some 70% having fewer than 500 employees. In addition, participants are heavily slanted towards the technology and consulting sectors. Perhaps most significantly, no complaints about Privacy Shield from data subjects have reached the FTC, the Commerce Department or the special arbitration mechanism set up as a last-resort option.