The court declared Safe Harbor invalid in October 2015 after a complaint from Austrian Max Shrems, who objected to Facebook's use of his data.
Shrems had lodged a complaint because of the revelations made in 2013 by Edward Snowden concerning the activities of the United States intelligence services, particularly the National Security Agency.
Data about Shrems and other subscribers residing in the EU is transferred by Facebook from its Irish subsidiary to servers located in the United States.
Following the revelations about US intelligence agencies' activities, the court agreed with Shrems that US law and practice do not offer sufficient guarantees that public authorities will refrain from monitoring the data transferred to that country. It consequently ruled the Safe Harbor agreement invalid.
The new Privacy Shield is intended to provide safeguards to protect Europeans' data, where Safe Harbor did not.
However, experts have voiced concerns that the new agreement is not really any better than Safe Harbor. On Tuesday German newspaper Die Zeit raised another issue: that the new law is just a repackaging of the old one, and compared its introduction to the re-launch of Twix chocolate bars in Germany in 1991 (they had previously been known there as Raider bars).
"This is the crucial question: is Safe Harbor to Privacy Shield what Raider was to Twix? New name, old content? Or is European citizens' data better protected from the US government under Privacy Shield than it was under Safe Harbor," asked Patrick Beuth.
Jan Philipp Albrecht, a specialist in data protection who represents the German Green Party in the EU Parliament, told Die Zeit that the changes to the law will not offer EU citizens any better protection in practice.
US laws allow the authorities there "general access to the content of electronic communications," Albrecht explained.
The new Privacy Shield is not a law that would override law in the US, and the EU Commission does not have any guarantees of its implementation in the US.
"It can hardly be the case that the law in the US is changed by an exchange of letters between the government and the EU Commission," Albrecht said.
EU citizens are not the only internet users to be worried about how their data is being used in the US. In December 2014 Russian lawmakers passed legislation about the storage of personal data, which uses a different method to ensure the safety of individuals' data.
The legislation allows exceptions for the courts, media outlets, foreign embassies, and foreign systems used to book airplane tickets.
Many international companies, such as Paypay, eBay, Aliexpress, Booking.com, Uber, Samsung and Lenovo, announced they had transferred clients' data to servers in Russia before the September 1 deadline.
Other large internet companies like Google, Facebook and Twitter have not yet announced whether they have moved their clients' data to servers in Russia, and last month Alexander Zharov of Russia's federal service for supervision of communications, information technology, and mass media (Roscomnadzor) told Rossiyskaya Gazeta that sooner or later these companies will be checked to make sure they are complying with the new law.
"If we find any violations, we will consult with the company and find out whether they intend to observe the law. If they are, we will give them enough time to comply with the law," Zharov said.
