Back to all glossary articles

Privacy Shield

Privacy Shield was a data protection agreement meant to secure the transfer of personal data from the EU and Switzerland to the US.

Privacy Shield was set to replace Safe Harbor, invalidated by the Court of Justice of the European Union (CJEU) in October 2015. The updated agreement was intended to protect European residents’ rights effectively, ensure an appropriate security level for processing personal data, and enable seamless data and market exchange between the EU and the US.

However, on July 16, 2020, the CJEU invalidated the Privacy Shield in a decision known as the Schrems II ruling. The court stated that sending personal data from the EU to the US is unlawful if companies can’t guarantee it will be kept from US intelligence. As a result, Privacy Shield is no longer a valid legal basis for EU-US data transfers.

On July 10, 2023 European Commission adopted a new adequacy decision – the EU-US Data Privacy Framework, also known as Privacy Shield 2.0.

Check out our blog posts on Privacy Shield:

  • Anonymous website visitor tracking: How to do useful analytics without personal data [Updated]

    Regulations worldwide, like GDPR or the ePrivacy Regulation, set a high bar for collecting user data. For one, GDPR requires consent to process the data if it’s reasonably likely that such data could be used to identify an individual. The problem is that consent opt-in rates typically vary between 30% and 70-80%. The solution? Anonymizing…

  • What is PII, non-PII, and personal data? [UPDATED]

    Personally identifiable information (PII) and personal data are two classifications of data that often confuse organizations that collect, store and analyze such data. Both terms cover common ground, classifying information that could reveal an individual’s identity directly or indirectly. PII is used in the US, but no specific legal document defines it. The legal system…

Other definitions

Recent posts from Piwik PRO blog