See 16 July 2020 decision by the Court of Justice of the European Union in Data Protection Commissioner v. Facebook Ireland Limited, Maximillian Schrems (Case C-311/18), “Schrems II”) at https://www.anonos.com/judgment-of-the-court.
 All cloud, SaaS and outsource providers are impacted; the only exceptions are offerings by service providers organized under the laws of EU/EEA countries or countries having EU data privacy adequacy decisions and not making use of external cloud, SaaS or outsource capabilities from other countries. The only countries with valid EU adequacy decisions are Andorra, Argentina, Canada, Faroe Islands, Guernsey, Israel, Isle of Man, Japan, Jersey, New Zealand, Switzerland, and Uruguay. See https://noyb.eu/en/next-steps-eu-companies-faqs.
 See English-language translation of German Guidance at https://privacytranslations.com/international_data_transfer
 NOYB initiated the Schrems II lawsuit that successfully invalidated the Privacy Shield and is suing over one hundred EU companies for failing to immediately comply with the Schrems II ruling which provided no grace period for compliance. See https://techcrunch.com/2020/08/18/eu-websites-use-of-google-analytics-and-facebook-connect-targeted-by-post-schrems-ii-privacy-complaints/
 NOYB challenges the notion that encryption can be an effective technical safeguard given the purported ability of the US government to break encryption. Encryption alone doesn’t meet Schrems II challenges because encrypted,data is only protected at rest and in transit but has no utility, and when decrypted to provide utility in use, data is no longer protected. See https://noyb.eu/en/next-steps-eu-companies-faqs.
 NOYB highlights the US government’s use of “selectors” to surveil EU personal data. These selectors may be “strong” (like email addresses, IP addresses or phone numbers) or “soft” (like indirect identifiers, keywords or attributes that by themselves do not identify a particular person, but when combined with other data can lead to re-identification). The use of “selectors” makes the use of anonymised data for Schrems II compliance impossible except for the most generalised, non-relinkable data. See https://noyb.eu/en/next-steps-eu-companies-faqs.