Privacy Shield was a data protection agreement meant to secure the transfer of personal data from the EU and Switzerland to the US.

Privacy Shield was set to replace Safe Harbor, invalidated by the Court of Justice of the European Union (CJEU) in October 2015. The updated agreement was intended to protect European residents’ rights effectively, ensure an appropriate security level for processing personal data, and enable seamless data and market exchange between the EU and the US.

However, on July 16, 2020, the CJEU invalidated the Privacy Shield in a decision known as the Schrems II ruling. The court stated that sending personal data from the EU to the US is unlawful if companies can’t guarantee it will be kept from US intelligence. As a result, Privacy Shield is no longer a valid legal basis for EU-US data transfers.

On July 10, 2023, the European Commission adopted a new adequacy decision: the EU-US Data Privacy Framework, also known as Privacy Shield 2.0.
