EU-US Privacy Shield

Log in now for access to this member-only content.

July 16, 2020: The Court of Justice of the European Union declared the EU-U.S. Privacy Shield arrangement is invalid. However, it did uphold the validity of standard contractual clauses, with a caveat: the third country to which EU data is transferred must have protections in place, particularly around access by public authorities and the ability for EU citizens to have legal redress.

The EU-U.S. Privacy Shield, on July 12, 2016, was officially adopted by the European Commission, establishing a data transfer mechanism between the two regions that replaced the previous Safe Harbor framework.

In October of 2015, the European Court of Justice deemed Safe Harbor inadequate in the protection of EU citizen data, particularly in light of the access that the U.S. government had/has to data held on servers in the U.S. The Safe Harbor challenge began in 2012, with then-law student Max Schrems taking issue with Facebook’s data handling practices, claiming they violated EU law. Schrems ended up taking his complaints all the way to CJEU and they agreed.

This topic page contains a curation of tools, resources, news and guidance to assist in learning what the EU-U.S. Privacy Shield means for your organization.

IAPP members get access to tons of great benefits:

  • News. You’re busy. We make it easy to stay on top of the headlines.
  • Networking. It’s all about who you know. Targeted online and in-person channels give you access to the people you want to meet.
  • Resources. Our Resource Center is a one-stop-shop for practical tools and information to help you tackle your biggest challenges.
  • Discounts. Get member-only rates on education products and programs, including study materials for our globally recognized certification programs and annual events.
  • Freebies. You’ll get access to free web conferences, networking chapter meetings, research and so much more.

Log in now to access this IAPP member-only content.
Not a member? Join now.