Despite Facebook & their sycophants in the Irish Government throwing millions at a case the European Court of Justice has finally ruled that American companies can no longer use SCC’s (Standard Contractual Clauses) to duck out of responsibilities under GDPR legislation.
SCC’s are used by all the big USA tech giants in this manner, to avoid the fact that once inside the USA, UK & EU data becomes fair game for their alphabet soup of spy agencies. This is a breach of our rights under GDPR and unless the USA governments change all their collective minds about their surveillance laws things will slowly but surely get ugly.
Facebook isn’t the only offender, microsoft are looking at Office365, one-cloud and Skype becoming non-compliant. Google too, with most of their offerings involving USA data centres. G-suite & google-documents could end up on the banned list along with dropbox & dozens of SaaS providers. All this despite all the providers mentioned having really good security reputations