What is Privacy Shield

The EU-US Privacy Shield was a framework designed to ensure the protection of personal data of European Union (EU) citizens that was transferred to the United States (US) for commercial purposes. The framework was established in 2016 to replace the Safe Harbor Agreement, which was invalidated by the European Court of Justice (ECJ) in 2015 for not providing adequate protection of personal data of EU citizens.

Under the Privacy Shield, US companies that wished to receive personal data from the EU were required to self-certify their compliance with the Privacy Shield principles. These principles included requirements for transparency, security, and individual rights, such as the right to access and correct personal data, and the right to opt-out of the transfer of personal data to third parties.

The Privacy Shield was intended to provide a legal basis for the transfer of personal data between the EU and the US, but in July 2020, the ECJ invalidated the framework, citing concerns over US surveillance laws that allowed for access to personal data of EU citizens by US authorities without adequate safeguards.

The ruling was a blow to many US companies that relied on the Privacy Shield for the transfer of personal data from the EU. The ECJ’s decision was seen as a victory for privacy advocates who had long argued that the Privacy Shield did not provide adequate protection for the personal data of EU citizens.

Following the ECJ’s decision, companies that had relied on the Privacy Shield were left in a state of uncertainty over the legality of their data transfers. Many have since turned to alternative mechanisms, such as Standard Contractual Clauses (SCCs), to ensure the lawful transfer of personal data between the EU and the US.

The EU and the US have been working to find a replacement for the Privacy Shield. In November 2020, the European Data Protection Board (EDPB) issued recommendations for additional safeguards that could be used to ensure the lawful transfer of personal data to third countries, including the US.

The invalidation of the Privacy Shield has highlighted the importance of robust data protection frameworks in a globalized digital economy. The EU and the US must continue to work together to ensure the protection of personal data while also enabling the free flow of data across borders.

Privacy and Trust News

GuidanceNews

The Rise of Smart Gadgets in the UK

Securing the Internet of Things: The UK's Pioneering Legislation In an era where the proliferation of smart devices continuously reshapes our daily lives, the UK government has taken a significant step to bolster cybersecurity with a groundbreaking new law. As the...

Read More

Helping your business exceed the compliance standard.

Our team of experienced privacy attorneys & certified privacy professionals have a proven track record of delivering privacy frameworks and data privacy solutions, tailored to your business needs.