Changes have reportedly been made to the proposed Privacy Shield framework for EU-US personal data transfers which address EU concerns raised about its adequacy.
A revised framework has yet to be officially published, but changes reportedly relate to:
Bulk collection of data. Conditions under which bulk data may be collected and transferred have been further specified and must be "targeted and focused".
Data retention. More rules have been introduced, requiring the deletion of data that no longer serves the original purpose for which it was collected.
Ombudsperson. Changes have been made to address concerns raised about the powers, position and independence of an Ombudsperson.
Once finalised, which according to reports may occur in early July, the Privacy Shield is likely be welcomed by EU data controllers as an option for facilitiating legitimate data transfers to the US. Controllers who depended on the now invalid Safe Harbor framework to legitimise transfers were advised by the EU that EU Standard Contractual Clauses could alternatively be used, but doubt remains as to their validity, which may soon be examined by the ECJ (see Legal update, US government and interested groups seek to join Irish case on EU standard contractual clauses).