The Privacy Shield does not comply with the GDPR. The trans-Atlantic agreement, which regulates the protection of personal data of EU citizens processed in the US, has been annulled by the European Court of Justice.
The Privacy Shield agreement was designed in 2016 by the US Department of Commerce, the European Commission and the Swiss government to allow companies on both sides of the Atlantic to exchange data of European citizens. The agreement made it possible for companies to move personal data from EU citizens to the US. The companies that have signed up to the Privacy Shield register declare that they take adequate measures to protect the personal data.
European privacy rights activists objected against the agreement because they wanted to prevent companies from moving their personal information to countries with looser data protection rules. An Austrian data protection lawyer, Max Schrems, filed a complaint against Facebook, arguing that his privacy rights were violated. His data would be vulnerable to American sniffing after it was transferred to the United States. This resulted in a broader discussion on the validity of transatlantic data transfer agreements.
On Thursday 16 July 2020 the Europe's Supreme Court in Luxembourg has declared the trans-Atlantic agreement Privacy Shield invalid.