On the basis of the 1995 Data Protection Directive, the European Commission, on 26 July 2000, adopted the “Safe Harbour decision” recognizing the « Safe Harbour Privacy Principles » issued by the Department of Commerce of the United States, as providing adequate protection for the purposes of personal data transfers from the EU. As a result, the Safe Harbour system allowed for the transfer of personal information for commercial purposes from companies in the EU to companies in the U.S. that have signed up to the Principles. The NSA revelations in 2013 raised large questions on surveillance and personal data protection. The Safe Harbour permitted limitations to data protection rules where necessary on grounds of national security. The question therefore arose whether the large-scale collection and processing of personal information under U.S. surveillance programmes was necessary and proportionate to meet the interests of national security. Following the Snowden revelations, the Commission decided to review the Safe Harbour, and issued 13 recommendations for its improvement in November 2013. On 6 October 2015, the Court of Justice declared in the Schrems case that Commission’s Safe Harbour Decision was invalid, on the ground that government surveillance in the U.S. threatens the privacy of EU citizens’ data and that there is no judicial redress for EU citizens whose data is accessed by state surveillance agencies in the U.S.
http://europe-liberte-securite-justice.org/2016/02/11/the-new-privacy-shield-will-the-recent-agreement-put-an-end-to-legal-insecurity/