The European Court of Justice held in the Schrems II case that the Privacy Shield is invalidated, but the possibility to rely on standard contractual clauses for data transfers needs to be assessed on a case by case basis.