The Privacy Shield is the new framework for commercial data exchange between the United States and the European Union. A response to the Schrems decision which invalidated the previous Safe Harbor regime, the Privacy Shield aims to restore trust in transatlantic data flows while ensuring the rights of Europeans and providing legal certainty for businesses.
This briefing looks at the Privacy Shield, focusing on how the new framework will operate in practice and the differences between it and Safe Harbor.
Safe Harbor and the Schrems Decision
The EU Data Protection Directive (95/ 46/EC) requires that personal data may only be transferred to non-EEA countries if those countries ensure an adequate level of protection for the personal data. The adequacy of the protection is assessed with regard to the country’s domestic law and the international commitments it has in place for the protection of the private lives and basic freedoms and rights of individuals.