The EU-US Privacy Shield was a legal framework created by the U.S. Department of Commerce and the European Commission for the transfer and protection of personal data. It replaced the Safe Harbour framework which was declared invalid by the EU Court of Justice in October, 2015.
Privacy Shield required companies in the U.S. to better protect the personal data for individuals in the EU and required that U.S. companies self-certify annually that they met the requirements.
On July 16, 2020, the EU Court of Justice declared the EU-US Privacy Shield invalid because it did not adequately comply with the EU's General Data Protection Regulation (GDPR).
In March, 2022, the EU and the U.S. agreed in principle to replace the EU-US Privacy Shield with a new legal framework called the Trans-Atlantic Data Privacy Framework. The Trans-Atlantic Data Privacy Framework will not take effect until it is approved by both the EU and U.S..
