It all seemed to be going so smoothly for US policy-makers when the gathering of the EU's privacy regulators (the Article 29 Working Party) issued a draft review of the US Privacy Shield in February. But the final report means the champagne will remain in the bottle for sometime yet.
Basically, the regulators found the Privacy
Sword Shield is hard to read, unclear, inconsistently worded, inconsistent with the new General Data Protection Regulation, does not provide equivalent protection, makes it too hard for foreigners to get redress, the proposed Ombudsman will be neither independent nor adequately resourced; and does "not exclude massive and indiscriminate collection of
personal data originating from the EU"!
Meanwhile, data transfers from the EU to the US are still okay to take place under the existing data transfer mechanisms ('standard model clauses' and 'Binding Corporate Rules').
Pity Mr Schrems who managed to overturn the 'Safe Harbor' but leave us even less protected than before!