The US could do more, but it's like pulling teeth
To encourage the US, I recommend pulling those teeth without analgesic, meaning really damaging punitive fines (GDPR anyone?).
The European Commission's (EC) third review of Privacy Shield – the legal fig leaf through which EU citizens' data can be sent to US companies for storage and processing – has found some improvements since last year, but deems the whole agreement as still resoundingly "adequate". Things looking a bit brighter this time include …
Things looking a bit brighter this time include the US Department of State's improved inspections of participating companies by conducting monthly checks to ensure compliance.
Why do I get the feeling that the US Department of State is white washing this. Can they really check every participating company properly every 30 days or is it more like them waving the EC past, like emergency services personnel at a fatal accident, saying something like "Move on, Move on. Nothing to see here".
The problem really lies on the US side (no surprise there, sorry): although the Privacy Shield agreement is mainly a tool to stop an all out trade war (or, to be precise, a mechanism by which US companies can continue to make vast profits off the private details of EU citizens), there is no actual legal match between the two entities.
US law has at federal level so many backdoors (they seem to love them over there) that privacy protection for even US citizens is but a vague and as yet unsubstantiated rumour, which is wholly at odds with the EU situation. As that gap is unlikely to be addressed (because, you know, profit), any attempt to pretend it's all fixed is just marketing and, to be frank, the same BS we were served even befoe Safe Harbor died.