2016 brought important news for any company that transfers across borders, or receives cross-border transfers of, consumer or employee personally identifying data (very broadly defined). On July 12th, the European Commission adopted the so-called “Privacy Shield” mechanism for data transfer between the European Economic Area and the US. US companies that choose to do so were able to self-certify for the Shield beginning August 1, 2016. But while approval of the Shield is welcome news to many companies that relied on the previously invalidated Safe Harbor Framework, not everyone will want to take advantage of it. Alternative data transfer mechanisms still exist. And for some companies the Privacy Shield may ultimately lead to more, not less, risk. Here’s a summary of what you need to consider.