The European Court of Justice ruled that the so-called EU-US Privacy Shield, which was enforced in 2016 to regulate the transfer data across the Atlantic Ocean by Facebook and other companies, has failed to protect European rules on privacy and data protection. The ruling is expected to put further pressure on the European Commission to protect European data, unless the U.S. reforms its own digital surveillance system, in particular by preventing the U.S. National Security Agency (NSA) from gaining access to European citizens’ data. On the other hand, the court upheld the validity of another data transfer mechanism, the Standards Contractual Clauses (SSC), which is also used by Facebook and other companies. Coming after the introduction by the European Union of the new Platform-to-Business Regulation (P2B), this is another move by the European authorities to tighten the conduct of internet-based multinationals while the Commission continues to work on its future Digital Service A.