What is Privacy Shield?
A former framework for transferring personal data from the EU to the US, invalidated by the EU Court of Justice in 2020 due to US surveillance concerns.
The EU-US Privacy Shield was struck down in the Schrems II ruling because US surveillance law provides insufficient protection for EU citizens' data.
Timeline
- 2000: Safe Harbor framework established
- 2015: Safe Harbor invalidated (Schrems I ruling)
- 2016: Privacy Shield replaces Safe Harbor
- 2020: Privacy Shield invalidated (Schrems II ruling)
- 2023: EU-US Data Privacy Framework adopted as the replacement
Why It Was Struck Down
- US surveillance programs (PRISM, upstream collection) allow mass access to EU citizens' data
- EU citizens have no effective legal remedy against US surveillance
- The standard of protection doesn't meet GDPR requirements
Current Status
The EU-US Data Privacy Framework is now in effect, but privacy advocates expect it to be challenged as well. The fundamental conflict between EU privacy rights and US surveillance law remains unresolved.
Related Terms
Data Sovereignty
The principle that data is subject to the laws and regulations of the country where it is stored or processed.
GDPR
The General Data Protection Regulation is a comprehensive data protection law in the European Union that gives individuals control over their personal data. It establishes strict requirements for how organizations collect, process, store, and transfer personal information.
PRISM
A classified NSA surveillance program revealed by Edward Snowden in 2013 that collects data directly from major tech companies including Google, Apple, Facebook, and Microsoft.
Have more questions?
Use our guided flow to get the right next privacy step for Privacy Shield.
Open Guided Flow