The flow of data across international borders is crucial to commerce in today’s global economy. After last year’s invalidation of the Safe Harbor framework, which enabled companies to transfer personal data from the EU to the US by self-certifying that they complied with the EU’s stricter privacy standards, businesses were left scratching their heads. EU law dictates that organizations that want to transfer data outside the EU can only do so with adequate privacy protection. But the privacy protection provided by the US has been deemed inadequate, and Safe Harbor, upon which thousands of companies across the world relied for their transatlantic business, has been ruled invalid.

After nine months of uncertainty as to how companies could transfer personal information without running afoul of the EU Data Protection Directive (“EU Directive”), in August 2016, the EU Commission (“EC”) finally adopted a new mechanism for the transfer of personal data from the European Union to the United States, branded the “EU-US Privacy Shield” (“Privacy Shield”)...