As discussed in the previous chapter, the European Commission cannot grant the U.S. an adequacy decision due to its lack of a federal data privacy law, so EU organizations are unable to freely transfer personal data to the U.S. under the GDPR.

The EU-U.S. Privacy Shield is a data transfer mechanism that was adopted by the European Commission in July 2016 and became available on August 1, 2016. U.S. organizations attesting that they adhere to the framework’s seven Principles provide sufficient assurances that any EU personal data transferred to them is secure. This qualifies them for certification and trouble-free access to the European market as a data processor. Any personal data exchanged under the auspices ...

Get EU GDPR & EU-U.S. Privacy Shield: A pocket guide, second edition now with O’Reilly online learning.

O’Reilly members experience live online training, plus books, videos, and digital content from 200+ publishers.