On 12 July 2016, the European Commission adopted the EU-U.S. Privacy Shield. For most companies, the Privacy Shield shall, in practice, be very similar to the previous framework, Safe Harbor, and most of the Privacy Shield requirements follow the original Safe Harbor rules. However, several principles have been developed in more detail. Thus, companies transitioning from Safe Harbor to Privacy Shield may need to take further steps to bring their practices into compliance with the Privacy Shield.

In particular, the EU-U.S. Privacy Shield imposes tougher obligations on U.S. companies to protect European personal data. This reflects the requirements of the European Court of Justice, which ruled the previous Safe Harbor framework invalid. The Privacy Shield requires the U.S. to monitor and enforce more robustly, and cooperate more with European Data Protection Authorities. It includes, for the first time, written commitments and assurances regarding access to data by public authorities.