The European Union on Wednesday gave U.S. President Donald Trump two months to name an ombudsman to tackle EU citizens' complaints under a data protection deal sealed by predecessor Barack Obama's team.
Brussels has previously sought assurances the Trump administration is committed to the deal to protect Europeans' personal data held in the United States by internet giants like Google and Facebook.
The European Commission, the EU's executive arm, said an annual review found that Washington "continues to ensure an adequate level of protection for personal data" under the 2016 Privacy Shield.
But it said the United States should "nominate a permanent ombudsperson by February 28, 2019 to replace the one that is currently acting."
If this does not happen, the commission warned it could take "appropriate measures" under the EU's General Data Protection Regulation (GDPR), which was adopted in May.
The privacy shield came into force in August 2016 to replace a previous arrangement that the EU's top court struck down over concerns about U.S. intelligence snooping.
"Today's review shows that the Privacy Shield is generally a success," said Andrus Ansip, the Commission vice president for the digital single market.
More than 3,850 companies have been certified, including giants Google, Microsoft and IBM, creating "operational ground" to improve how the deal works, he said.
During the first review more than a year ago, the Commission said more than 2,400 companies had been certified.
"We now expect our American partners to nominate the ombudsperson on a permanent basis, so we can make sure that our EU-US relations in data protection are fully trustworthy," Ansip said in a statement.
After the first review, the Commission said the Trump administration had dispelled initial EU doubts about its commitment to the privacy deal despite its "America First" policy.
Officials say the Privacy Shield lays down tough rules to prevent U.S. intelligence agencies accessing European data. Companies face penalties if they do not meet EU standards of protection.
The European Court of Justice threw out the earlier Safe Harbour arrangement after Austrian activist Max Schrems sued Facebook in Ireland, citing U.S. snooping practices exposed by former U.S. intelligence contractor Edward Snowden.