The transfer of personal data is inherent in most online activities. As many of the top online companies are located in the United States, every day there is a huge flow of data from America to Europe. As a result, the data becomes subject to the EU’s more stringent privacy laws such as GDPR . Under GDPR, EU data being transferred to other regions must be transferred to locations that offer “adequate” privacy protection. “Adequacy” is determined by the European Commission which has tended to take a more loose view of the term in order to facilitate data transfers. Conversely, privacy activists have sought to impose a more stringent approach. Notably activists have had the, US-EU Safe Harbour privacy framework’s definition of “adequacy” ruled as invalid by the Court of Justice of the European Union. As a result, companies have shifted to the use of “standard contractual clauses” (SCCs) which are agreements between companies that ensure that EU personal data will be protected in the US according to EU standards. Currently SCCs are the preferred method of ensuring privacy regulations compliance but activists are again seeking to have the validity of this framework overruled by the Advocate General. If SCCs are deemed invalid this will significantly impair the flow of data across the Atlantic and leave many US companies scrambling to find new mechanisms to comply with EU GDPR requirements.
For more refer to: https://www.privateinternetaccess.com/blog/2020/01/why-2020-will-be-make-or-break-time-for-transatlantic-personal-data-transfers/