Privacy Shield was a data protection agreement meant to secure the transfer of personal data from the EU and Switzerland to the US.

Privacy Shield was set to replace Safe Harbor, invalidated by the Court of Justice of the European Union (CJEU) in October 2015. The updated agreement was intended to protect European residents’ rights effectively, ensure an appropriate security level for processing personal data, and enable seamless data and market exchange between the EU and the US.

However, on July 16, 2020, the CJEU invalidated the Privacy Shield in a decision known as the Schrems II ruling. The court stated that sending personal data from the EU to the US is unlawful if companies can’t guarantee it will be kept from US intelligence. As a result, Privacy Shield is no longer a valid legal basis for EU-US data transfers.

On July 10, 2023 European Commission adopted a new adequacy decision – the EU-US Data Privacy Framework, also known as Privacy Shield 2.0.

Check out our blog posts on Privacy Shield:


  • From Customer Data Platform to Data Activation: Why we’re evolving our approach

    Our Customer Data Platform module is now called Data Activation, reflecting a fundamental shift from data collection to outcome-driven action. We’re changing more than just a name – we’re refocusing on what truly matters: turning behavioral insights into immediate business results.

  • Life after GA4: Why EU organizations are going local

    When Universal Analytics was phased out in 2023, and GA4 rolled out with complexity, many European organisations were forced to rethink how they measure success. For more and more, the solution is clear: use analytics built for Europe, by Europe. Why sovereignty matters Data sovereignty isn’t just a buzzphrase. Under GDPR and the Schrems II…