Fact is that it is not per se illegal to transfer data from the EEA to the U.S. What has changed is that the blanket permission for transatlantic data transfers from the EEA to Safe Harbor certified U.S. companies has fallen away. Nonetheless, alternative transfer mechanisms, in particular Binding Corporate Rules and Standard Contractual clauses may be relied upon for lawfully transferring data from the EEA to the U.S. Further, derogations such as consent and performance of a contract might be available.
Which transfer mechanism can and should be relied upon in any given scenario will depend on the underlying facts and the country from which the data is to be transferred given that the various data protection authorities across the EEA take different views as to which transfer mechanisms are available. So, while there is currently no universally accepted transfer mechanism, data transfers from the EEA to the U.S. may be based on alternative transfer mechanisms.
