Visa reciprocity is a fundamental principle of the European Union’s common visa policy, and the Commission remains fully committed to achieving visa free travel to the United States for all EU Member States as a matter of priority. To this end, the Commission will continue to engage with the United States, in coordination with the five Member States whose citizens still need a visa to travel to the United States, in a result-oriented process.

Commissioner for Migration, Home Affairs, and Citizenship Dimitris Avramopoulos said: “Achieving visa reciprocity for all EU Member States is our top priority. Recent experience shows that a continued diplomatic engagement brings positive results and we will stick to this approach also with the United States. Visa-free travel is in the interest of both sides of the Atlantic, and we expect concrete actions on all sides to accelerate progress to achieve this.”

Over the last 12 months, contacts with the United States have intensified, both at political and at technical level. The Commission has continued to urge the United States to cooperate further with the five Member States concerned: Bulgaria, Croatia, Cyprus, Poland and Romania to accelerate progress towards full visa reciprocity. Visa reciprocity was discussed at all official meetings between the EU and the U.S., including the two recent EU-U.S. Justice and Home Affairs Ministerial meetings – held in Sofia in May 2018 and in Washington D.C. in November 2018.

The Commission will continue to actively support the Member States concerned, including through financial assistance, and to work closely with them to help them fulfil the requirements of the U.S. Visa Waiver Program.

The Commission maintains its position that cooperation and joint diplomatic engagement is the most appropriate way forward. The Commission still considers that adopting a delegated act temporarily suspending the visa waiver for U.S. citizens would be counterproductive at this moment and would not help achieve visa-free travel for all EU citizens. This position can be reviewed in light of future developments.

Next Steps

The Commission will continue to actively support the Member States concerned and to intensify contacts with the U.S. to achieve full visa reciprocity. The EU-U.S. Justice and Home Affairs Senior Officials’ Meeting and the Justice and Home Affairs Ministerial Meeting, both scheduled for the first half of 2019, will provide occasions to advance further.

The Commission will continue to work closely with both the European Parliament and the Council to achieve full visa reciprocity and will report on the further developments in September 2019.

Background

A fundamental principle of EU visa policy is to ensure that third countries on the visa-free list grant a reciprocal visa waiver to citizens of all EU Member States. To support this objective, a visa reciprocity mechanism was set up.

In the framework of the reciprocity mechanism, the Commission has already adopted three reports assessing the situation: on 10 October 2014, on 22 April 2015 and on 5 November 2015, as well as six Communications in April, July and December 2016, May and December 2017, and today’s Communication of 19 December 2018.

The number of non-reciprocity cases has been vastly reduced in the last three-and-a-half years, with the U.S. now being the only country in the EU’s visa-free list which does not grant visa-free access to all EU citizens. Full visa reciprocity was achieved with Canada after it lifted visa requirements for Romanian and Bulgarian citizens as of 1 December 2017. Similar results were already achieved with Australia, Brunei and Japan.

For More Information

Questions and Answers: EU visa reciprocity mechanism

Communication: State of play and way forward as regards the situation of non-reciprocity in the area of visa policy

This year’s report shows thatthe U.S. continues to ensure an adequate level of protection for personal data transferred under the Privacy Shield from the EU to participating companies in the U.S. The steps taken by the U.S. authorities to implement the recommendations made by the Commission in last year’s report have improved the functioning of the framework.

However, the Commission does expect the US authorities to nominate a permanent Ombudsperson by 28 February 2019 to replace the one that is currently acting.  The Ombudsperson is an important mechanism that ensures complaints concerning access to personal data by U.S. authorities are addressed.

Andrus Ansip, Commission Vice-President for the Digital Single Market, said: “Today’s review shows that the Privacy Shield is generally a success. More than 3,850 companies have been certified, including companies like Google, Microsoft and IBM – along with many SMEs. This provides an operational ground to continuously improve and strengthen the way the Privacy Shield works. We now expect our American partners to nominate the Ombudsperson on a permanent basis, so we can make sure that our EU-US relations in data protection are fully trustworthy.”

Commissioner for Justice, Consumers and Gender Equality, Věra Jourová,stated: “The EU and the U.S. are facing growing common challenges, when it comes to the protection of personal data, as shown by the Facebook / Cambridge Analytica scandal. The Privacy Shield is also a dialogue that in the long term should contribute to convergence of our systems, based on strong horizontal rights and independent, vigorous enforcement. Such convergence would ultimately strengthen the foundation on which the Privacy Shield is based. In the meantime, all elements of the Shield must be working at full speed, including the Ombudsperson.“

Improvements already made include the strengthening by the Department of Commerce of the certification process and of its proactive oversight over the framework. As recommended by the Commission’s first annual review, the Department of Commerce has set up several mechanisms, such as a system of checks (“spot checks”), which randomly selects companies to verify that they comply with the Privacy Shield principles. 100 companies have been checked: 21 had issues that have now been solved. Additional compliance review procedures also include the analysis of Privacy Shield participants’ websites to ensure that links to privacy policies are correct. The Department of Commerce put in place a system to identify false claims which prevents companies from claiming their compliance with the Privacy Shield, when they have not been certified. 

The Federal Trade Commission has also demonstrated a more proactive approach to enforcement by monitoring the principles of the Privacy Shield, including by issuing subpoenas to request information from the participating companies.

As regards access to personal data by U.S. public authorities for national security purposes, new members of the Privacy and Civil Liberties Oversight Board (PCLOB) have been appointed which restores the Board’s quorum. The Board’s report on the implementation of Presidential Policy-Directive No. 28 (PPD-28, which provides for privacy protections for non-Americans) has been made publicly available. It confirms that these privacy protections for non-Americans are implemented across the U.S. intelligence community.

The second review took into account relevant developments in the U.S. legal system in the area of privacy. The Department of Commerce launched a consultation on a federal approach to data privacy to which the Commission contributed and the US Federal Trade Commission is reflecting on its current powers in this area. In the context of the Facebook/Cambridge Analytica scandal, the Commission noted the Federal Trade Commission’s confirmation that its investigation of this case is ongoing.

Next steps

The report will be sent to the European Parliament, the Council, the European Data Protection Board and to the U.S. authorities.

The European Commission expects the U.S. government to identify a nominee to fill the Ombudsperson position on a permanent basis by 28 February 2019 at the latest. If this does not take place by that date, the Commission will consider taking appropriate measures, in accordance with the General Data Protection Regulation.

Background

The EU-U.S. Privacy Shield decision was adopted on 12 July 2016 and the Privacy Shield framework became operational on 1 August 2016. It protects the fundamental rights of anyone in the EU whose personal data is transferred to certified companies in the United States for commercial purposes and brings legal clarity for businesses relying on transatlantic data transfers.

The Commission committed to reviewing the arrangement on an annual basis, to assess if it continues to ensure an adequate level of protection for personal data. After the first annual review, which took place in 2017, the Commission made a number of recommendations to further improve the practical functioning of the Privacy Shield.

On 18 October 2018, Commissioner for Justice, Consumers and Gender Equality Věra Jourová, launched with the US Secretary of Commerce Wilbur Ross the discussions for the second review the EU-U.S. Privacy Shield (statement). The findings in this report are based on meetings with representatives of all US government departments in charge of running the Privacy Shield, including the Federal Trade Commission, the Office of the Director of National Intelligence (ODNI), the Department of Justice and the State Department, which took place in Brussels mid-October 2018, a study on automated decision-making commissioned by the Commission as well as on input from a wide range of stakeholders, including feedback from companies and privacy NGOs. Representatives of the EU’s independent data protection authorities also participated in the review.

For More Information         

Report on the second annual review of the EU-U.S. Privacy Shield

Staff Working Document

EU-U.S. Joint Statement from the 2^nd annual review

Report on the first annual review of the EU-U.S. Privacy Shield

EU-US Privacy Shield including Guide for Citizens

EU-U.S. Privacy Shield: Frequently Asked Questions

Your request will be handled by the Press Office of the General Secretariat of the Council in accordance with the provisions of Regulation (EC) No 45/2001 on the protection of individuals with regard to the processing of personal data by the Community institutions and bodies and on the free movement of such data.

Your data will be stored in the database until you unsubscribe from the service.

Certain data (name, e-mail address, preferred language, media name, media type) may be disclosed to the press offices of the European institutions, the Permanent Representations of the Member States and to European Union agencies, under the conditions laid down in Articles 7 and 8 of Regulation 45/2001.

If there is data which you would not like to be stored, please let us know at: [email protected]