The Safe Harbor agreement, the framework companies in the United States and the European Union had been using to exchange citizens' personal data, was declared invalid by the European Court of Justice on Oct. 6, 2015. The court declared it was invalid because the level of data protection in the U.S. cannot be considered adequate to protect the privacy of EU citizens.
The new EU-U.S. agreement, called the Privacy Shield, was approved by the EU Commission on July 12, 2016. It imposes stronger obligations on U.S. companies to protect EU individuals' personal data. This article summarizes the requirements set forth by the European Court of Justice, the key elements U.S. companies now have to consider, and the steps needed to join the Privacy Shield through self-certification.