The US Cloud Act is an American law that was passed in 2018 which enables the United States government to access data stored on servers located outside the country. This undermines the GDPR by allowing U.S.-based companies to share data with foreign countries without having to comply with those regulations first.
Thus, the US Cloud Act is a major obstacle to any attempt to establish a reliable data transfer mechanism between the EU and the US. This will, in our assessment, also be true for the planned Privacy Shield II, a planned agreement between the EU and US that is thought to become the basis for an Adequacy Decision. Virtually nothing has changed on the US side regarding the issues criticized by the European Court of Justice (ECJ). Therefore, we do not expect a new transfer tool to hold up in court as long as the US Cloud Act is in force.