Update: What happens after the end of the EU-US Privacy Shield?
In many European companies, all contracts with all service providers are currently under close scrutiny. Are services used that process data in the USA? Was the data protected under the Privacy Shield? If this is the case, new contracts will have to be drawn up, but it is still unclear what they should contain. The standard contract clauses, which were frequently used, are also under criticism. Here, companies can copy clauses directly from the corresponding decision of the EU Commission. Until now, the transfer was considered legal. But the ECJ would also cast doubt on its use because a mere clause will not prevent American intelligence services from accessing it.
Overall, the ECJ decision leaves little room for a legal data transfer between Europe and the USA in the future It also remains questionable whether and when there will be a new agreement. Looking at the history, the chances of success of such an undertaking are doubtful. Observers do not assume that the USA will move so far in this legislative period that its conduct will meet the strict rules of the EU. This means one thing above all: massive legal uncertainty for companies and the IT industry.