The EU-US Privacy Shield was introduced as a replacement for the now-defunct Safe Harbour agreement, with the intent of allowing the free flow of personal data between the EU and US. The EU approved it on the basis that it could rely on US authorities to provide adequate monitoring and supervision. It seems that this reliance is increasingly being called into question in light of legislative changes.
Many companies have just quietly self-certified (the Privacy Shield simply requires a US company to submit a statement that it is compliant, along with supporting documents and the appropriate fee), but some have made bold public statements about it and, for their sake, I hope this doesn't end up with a slightly embarrassing outcome.
We believe that all these moves towards making the security and transfer of personal data safer and more protected are positive. Whether it's GDPR, Model Clauses, BCRs or even the Privacy Shield if it remains (and you could question whether it's even relevant under GDPR), these all create an environment where individuals can feel more confident that their personal data won't be used to restrict their rights or freedoms.
The EU-US Privacy Shield framework, which has faced a barrage of criticism since its approval in July, took another hit last week when the European Parliament's Civil Liberties, Justice, and Home Affairs Committee ("LIBE Committee") narrowly voted in favor of a resolution declaring the Privacy Shield inadequate. In a vote of 29 to 25, with one abstention, the Committee approved the resolution, which identifies numerous deficiencies the Committee believes are inherent in the Privacy Shield agreement. The LIBE Committee is seeking a thorough review of the Privacy Shield agreement by the European Commission during the first annual joint review of the Privacy Shield, which is set to occur this summer.