EU–US Privacy Shield

E221479

The EU–US Privacy Shield was a transatlantic data transfer framework that governed how companies could legally move personal data from the European Union to the United States while aiming to ensure adequate privacy protections.

All labels observed (4)

How this entity was disambiguated

Statements (48)

Predicate Object
instanceOf EU–US data protection arrangement
data transfer framework
international agreement
aimedToEnsure adequate level of protection for personal data transferred from the EU to the US
appliesTo commercial organizations
personal data of EU residents
enteredIntoForceIn 2016
governed transfer of HR data from EU to US for participating companies
hasJurisdiction European Union
United States of America
surface form: United States
includedMechanism enforcement by US authorities
ombudsperson mechanism for national security complaints
redress mechanisms for EU data subjects
self-certification by US companies
includedPrinciple access
accountability for onward transfer
choice
data integrity and purpose limitation
notice
recourse, enforcement and liability
security
legalBasis Article 25 of Directive 95/46/EC
EU data protection law
providedFor annual joint review by EU and US authorities
regulates transatlantic personal data transfers
relatedTo EU adequacy decisions
GDPR
surface form: General Data Protection Regulation
replaced EU–US Privacy Shield self-linksurface differs
surface form: Safe Harbor Privacy Principles
requiredComplianceWith EU–US Privacy Shield self-linksurface differs
surface form: Privacy Shield Principles
sectoralEnforcementBy United States Department of Transportation
surface form: US Department of Transportation

Federal Trade Commission
surface form: US Federal Trade Commission
successorFramework EU–US Data Privacy Framework
wasAdministeredBy U.S. Department of Commerce
surface form: United States Department of Commerce
wasAdoptedBy European Commission
wasAdoptedOn 2016-07-12
wasAnnouncedBy European Commission
United States government
wasChallengedBy Maximilian Schrems
wasCriticizedBy civil society organizations
privacy advocates
wasInvalidatedBecauseOf concerns about US surveillance laws
insufficient judicial redress for EU data subjects in the US
wasInvalidatedBy Court of Justice of the European Union
wasInvalidatedInCase Data Protection Commissioner v Facebook Ireland and Maximillian Schrems
Data Protection Commissioner v Facebook Ireland and Maximillian Schrems
surface form: Schrems II
wasInvalidatedOn 2020-07-16
wasNegotiatedBy European Commission
U.S. Department of Commerce
surface form: United States Department of Commerce

How these facts were elicited

Referenced by (8)

Full triples — surface form annotated when it differs from this entity's canonical label.

EU–US Privacy Shield replaced EU–US Privacy Shield self-linksurface differs
this entity surface form: Safe Harbor Privacy Principles
EU–US Privacy Shield requiredComplianceWith EU–US Privacy Shield self-linksurface differs
this entity surface form: Privacy Shield Principles
EU–US Data Privacy Framework follows EU–US Privacy Shield
EU–US Data Privacy Framework replaces EU–US Privacy Shield
EU–US Data Privacy Framework relatedTo EU–US Privacy Shield
EU–US Data Privacy Framework relatedTo EU–US Privacy Shield
this entity surface form: Safe Harbor Privacy Principles
EU–US Data Privacy Framework relatedTo EU–US Privacy Shield
this entity surface form: Schrems I judgment