The transatlantic flow of personal data is a form of international trade and is of critical importance for the U.S. and European economies. The recent advancements of ICTs such as cloud computing, big data, and IoT are expanding the transborder flows of personal data at an alarming rate. But The level and legal frameworks of data protection vary widely worldwide. That is becoming a serious obstacle to the free transborder movement of personal data and even a trade barrier. In 1980, the OECD adopted the Guidelines on the Protection of Privacy and Transborder Flows of Personal Data in order to address this problem. The article explains and examines the way U.S. and EU manage to solve the problem of transatlantic flow of data. Both the United States and EU assert that they are committed to upholding individual privacy rights and ensuring the protection of personal data. Nevertheless, data privacy and data protection issues have long been sticking points in U.S.-EU economic and security relations, in large part due to fundamental differences between the United States and EU in their approaches to data protection and data privacy laws. Chapter Two covers the basic differences of data privacy frameworks between the EU and the United States. The EU framework can be called one-size-fits-all approach. The EU considers the privacy of communications and the protection of personal data to be fundamental human rights. In Europe, processing of personal data is prohibited unless there is an explicit legal basis that allows it. By contrast, the U.S. framework is referred to as sectoral patchwork approach. Unlike the EU, the United States does not have a single, overarching data privacy and protection framework. In the United States, collecting and processing of personal data is allowed unless it causes harm or is expressly limited by U.S. law. In Chapter Three, the article examines the background and content of the Safe Harbor Agreement through which the United States and the EU agreed on a mechanism that would allow U.S. companies to meet the “adequate level of protection” required by the EU Data Protection Directive of 1995. But the so-called “Snowden leaks” undermined the trust in the security of U.S.-EU data flows. Since then, on October 6, 2015, the Court of Justice of the European Union (CJEU) issued a decision that invalidated the Safe Harbor Agreement. Chapter Four considers the factual background, controversial issues and gist of the CJEU decision. The CJEU essentially found that Safe Harbor failed to meet EU data protection standards, in large part because of the U.S. surveillance programs. Lastly, Chapter Five covers the new EU-U.S. Privacy Shield Agreement adopted following the CJEU decision. The new framework is substantially longer and more detailed than Safe Harbor. The Privacy Shield principles entail seven distinct categories: notice, choice, accountability for onward transfer, security, data integrity and purpose limitation, access, and recourse, enforcement, and liability.