Privacy Shield was a data protection agreement meant to secure the transfer of personal data from the EU and Switzerland to the US.

Privacy Shield was set to replace Safe Harbor, invalidated by the Court of Justice of the European Union (CJEU) in October 2015. The updated agreement was intended to protect European residents’ rights effectively, ensure an appropriate security level for processing personal data, and enable seamless data and market exchange between the EU and the US.

However, on July 16, 2020, the CJEU invalidated the Privacy Shield in a decision known as the Schrems II ruling. The court stated that sending personal data from the EU to the US is unlawful if companies can’t guarantee it will be kept from US intelligence. As a result, Privacy Shield is no longer a valid legal basis for EU-US data transfers.

On July 10, 2023 European Commission adopted a new adequacy decision – the EU-US Data Privacy Framework, also known as Privacy Shield 2.0.

Check out our blog posts on Privacy Shield:


  • What is considered protected health information (PHI) under HIPAA? A guide for healthcare marketers

    Quick summary What PHI is: Any individually identifiable health information created, received, maintained, or transmitted by a covered entity or its business associates Who it applies to: Healthcare providers, health plans, healthcare clearinghouses, and their business associates Why it matters for marketing: Marketing tools that collect or transmit PHI without a BAA create HIPAA compliance…

  • We checked 59 hospital websites. 73% kept tracking visitors after opt-out.

    A new study by Piwik PRO and Verified Data scanned 59 major US hospital and clinic websites for tracking and data compliance. The findings show just how common it is for major US healthcare websites to run marketing tools that weren’t built for a regulated environment. What we actually found Across the 59 scanned sites,…