For companies that conduct business in both the European Union and the United States, data transfers between the EU and the U.S. has long been a challenging process, primarily in light of the EU’s strict privacy regulation, the General Data Protection Regulation (GDPR). In order to facilitate data transfers between the EU and other countries, the EU has entered “adequacy determinations” as to some countries – meaning that the EU determined that those countries’ privacy protections were sufficient in order to protect the privacy of those EU citizens whose data might be transferred. Although the EU previously adopted an adequacy determination regarding the U.S., referred to as the Privacy Shield, it was struck down twice after it was challenged by Max Schrems, Honorary Chairman of NOYB (which stands for “None of Your Business”), a European digital rights non-profit.
