The EU–US Privacy Shield was a legal framework for regulating transatlantic exchanges of personal data for commercial purposes between the European Union and the United States.
It was put in place to replace the International Safe Harbor Privacy Principles, which were declared invalid by the European Court of Justice in October 2015.
In October 2015 the European Court of Justice declared the previous framework called the International Safe Harbor Privacy Principles invalid in a ruling that later became known as "Schrems I".
[8] On 8 July 2016 EU member states' representatives (article 31 committee) approved the final version of the EU-U.S. Privacy Shield, paving the way for the adoption of the decision by the commission.
They are stated in the following paragraphs:[16] German MEP Jan Philipp Albrecht and Austrian campaigner Max Schrems criticized the new ruling, with the latter predicting that the commission might be taking a "round-trip to Luxembourg" (where the European Court of Justice (CJEU) is located).
[24] In December 2019, the Court of Justice of the European Union (CJEU) issued a preliminary opinion in the Data Protection Commissioner v Facebook Ireland case (also known as Schrems II).
[26][27] The EU–US Privacy Shield for data sharing was struck down by the European Court of Justice on the grounds it did not provide adequate protections to EU citizens from government surveillance.
[4] The European Data Protection Board (EDPB), an EU organization whose decisions are binding for national privacy supervisory authorities, declared that, "transfers on the basis of this legal framework are illegal".
[5][30] On 7 October 2022 President Biden signed an executive order to implement the European Union-U.S. data transfer framework, which adopts new American intelligence gathering privacy safeguards.