US-EU Privacy Shield Data Sharing Agreement Struck Down


Thread author
Staff Member
Malware Hunter
Jul 27, 2015
Europe's highest court today struck down the agreement by which companies operating in the EU are allowed to transfer data to the United States. The court ruled that the agreement leaves European customers' data too exposed to US government surveillance.

The agreement, known as Privacy Shield, has been in place since 2016, and more than 5,000 companies operate under its terms. Boiled down, the Court of Justice of the European Union (CJEU) basically ruled that US law is too weak to protect EU citizens' data to the extent EU law demands. As the court put it in a press release (PDF): "The limitations on the protection of personal data arising from the domestic law of the United States, on the access and use by US public authorities of such data transferred from the European Union... are not circumscribed in a way that satisfies requirements that are essentially equivalent to those required under EU law."

As a result of the case, US companies doing business in Europe or handling data from European clients will either have to negotiate new individual data-handling arrangements, called Standard Contract Clauses (SCC), with the EU or stop porting data from European operations into the US. The ruling applies to data that companies such as Facebook move around to US servers for internal reasons, but it does not affect "necessary" data transfers, such as take place when someone in Europe sends an email to a recipient in the US, books a flight or a hotel on a US website, or does something equally mundane.


Level 19
Top Poster
Jan 21, 2018
I was reading about this the other day and the consequences of the court ruling for companies like Faceb**k, who have taken advantage of the Irish data protection commission's slacker approach to regulating customers' data compared to many other EU nations.

Personally I think that it's well overdue. As a UK citizen the points made about the possible debate between the UK leaning towards one of the EU and USA data protection systems are very important, as they will have huge consequences for those who live here. I hope the regime we have in power here don't bow to Trump, but I have no faith in them not doing so.


Level 44
Top Poster
Nov 10, 2017
The European Court of Justice (ECJ) recently invalidated the EU-US Privacy Shield, which allowed companies to transfer personal data to the US. To keep these vital transfers flowing while complying with the ECJ's ruling, security and risk professionals must take these five steps.

In 2000, the European Commission (EC) introduced Safe Harbor. It was a principles-based, voluntary framework to allow companies to transfer personal data of European residents to the US. And Austrian law student Maximilian Schrems took Facebook to court claiming that, once his data reached US soil, privacy protection faded.

Five years later, the European Court of Justice (ECJ) declared Safe Harbor invalid. To replace it, the EC issued the EU-US Privacy Shield. The new framework was supposed to provide additional protection to EU citizens' data with the creation of new safeguards, such as the Data Protection Ombudsman, and the "promise" that US surveillance would be limited. Today, the ECJ decided that these expectations have not been met and invalidated the Privacy Shield.

