On July 16, 2020, the European Court of Justice released its judgment in Schrems II regarding the Privacy Shield agreement between the United States and the European Union; the judgment relied on analyses of the Standard Contractual Clauses Decision (SCC Decision), the General Data Protection Regulation (GDPR), and the Commission’s 2016 Privacy Shield Decision. The judgment responded to a request from the High Court for a preliminary ruling; the original complaint was brought in 2013 by Mr. Max Schrems and “requested … that Facebook Ireland be prohibited from transferring his personal data to the United States.” Mr. Schrems asserted “that, since that data was used in the context of various monitoring programmes in a manner incompatible with Articles 7, 8 and 47 of the Charter, the SCC Decision cannot justify the transfer of that data to the United States.” The Court ruled that Regulation (EU) 2016/679 (GDPR) is applicable even if the data being transferred “is liable to be processed by the authorities of the third country…for the purposes of public security, defence and State security” and that “the level of protection afforded in the context of such a transfer must… take into consideration both the contractual clauses agreed [on by the parties] … and … the relevant aspects of the legal system of that third country.” The Court also ruled on the role of supervisory authorities as laid out in Article 58(2)(f) and (j). It stated that they “cannot adopt measures contrary to … [an adequacy] decision” from the Commission, but are “required to suspend or prohibit a transfer of data” if the rights of the data subject won’t be protected in that transfer and there is no related decision from the Commission. Lastly, it found that the Privacy Shield Decision is not valid, because U.S. law “does not provide for the necessary limitations … with regard to the interferences [into the rights of E.U. citizens] authorised by its national legislation and does not ensure effective judicial protection against such interferences.” In support of the latter point, it found that the Privacy Shield Ombudsman cannot function as an “independent and impartial court” because of its connections to the U.S. government and its inability to “adopt decisions that are binding on … intelligence services.” A JURIST article states that “[t]he decision is a significant blow to tech companies in both the EU and the US.”