Privacy Shield changes


Changes to the Privacy Shield program

This article explains the recent changes that affect the Privacy Shield program and why protecting the privacy and security of personal data is of utmost importance.


Privacy Shield then and now

Privacy Shield was a program, agreed upon by the European Commission and the United States Federal Trade Commission, which set up a framework to guarantee adequate privacy protections for European resident data transferred to the United States. 


It replaced the previous EU-US data transfer framework, SafeHarbor, and set up several new mechanisms aimed at providing enhanced privacy protections for EU personal data, and supporting the individual privacy rights guaranteed by the General Data Protection Regulation.


On July 16, 2020, the Court of Justice of the European Union (CJEU) ruled that Privacy Shield did not meet standards for adequate protection of EU individuals’ personal data.


The Privacy Shield program was developed between the EU and US governments as a way to ensure that EU residents’ personal data received appropriate protection when processed within the US. While much of this framework achieved the stated goal, there were outstanding concerns about US transfers, and the CJEU recently ruled that Privacy Shield could no longer provide adequate protection for EU personal data. 


In the same ruling, the CJEU has also given support to the Standard Contractual Clauses as a valid mechanism for data transfers out of the EU. 


With Privacy Shield invalidated, what data transfer mechanism will Sendible use to provide adequacy for transfers to the United States?

Sendible will utilise the controller-to-processor EU Standard Contractual Clauses for data transfers from the EU to US within all Data Protection Addendums going forward. 


The CJEU affirmed the adequacy of these clauses in its ruling, and though they may be amended in the near future, they represent our best path forward to maintaining our commitments to the privacy and security of personal data entrusted to us by customers.


As we take these necessary steps to continue providing service in compliance with the GDPR, we’ll continue to provide updates that are relevant to our Privacy policy and services.


Should you have any further concerns, please reach out to

Have more questions? Submit a request