Privacy Shield I/II

Dec 21, 20221 min read

The (original) Privacy Shield, the successor of the Safe Harbor, was an agreement between the United States and the European Union to ensure that companies processing personal data from EU citizens comply with the General Data Protection Regulation (GDPR). It was deemed necessary because it provided a framework for U.S. companies to transfer and process the personal data of EU individuals. To this end, it sought to establish a framework of principles that, if observed properly, would establish an adequate level of data protection.

The Schrems II judgment of the European Court of Justice (ECJ) declared the Privacy Shield invalid as, in essence, it did not work in practice and thus failed to properly protect personal data.

Currently, the EU and the US are in the process of agreeing on a Privacy Shield II and the EU Commission has stated that it will issue an Adequacy Decision based on that.

The ECJ however, in its Schrems I and II rulings, has invalidated two transfer mechanisms (Safe Harbor and Privacy Shield I) already. At the same time, the reasons for those decisions have not changed, in particular, the US Cloud Act is still in force. Therefore, we at Engity expect a Schrems III judgment, finding the Privacy Shield II lacking.

Privacy Shield I/II

Company headquarters and server location - both must be right for data …

EU Data Protection Update Q4-2023

EU Data Protection Update Q3-2023

Engity's European Data Protection Update Q2/2023

Engity's EU Data Protection Update Q1/2023

EU Data Protection Update Q4 / 2022

EU-US data transfers under renewed scrutiny – the Shopify case