One day after an EU court repudiated the bloc's own anti-trust officials and saved Apple from a roughly $15 billion tax bill (all pending appeal, of course), the European Court of Justice, the highest court in the bloc, issued a ruling attaching new restrictions to how the personal data of EU citizens are handled by US companies.
Citing the risk of extralegal government surveillance, the court declared that US tech giants must keep all private data belonging to EU citizens in the EU.
According to the ruling, companies' transferring the data of EU citizens out of the bloc exposes it to undue government surveillance, perhaps carried out by the US intelligence community. To protect the privacy of Europeans in accordance with the principles articulated in the GDPR, the ECJ ruled that private data of its citizens must remain in Europe.
Specifically, the ruling invalidates a widely used EU-U.S. data-transfer agreement in a major victory for privacy activists who have long argued that the US tech companies' data practices should make them ineligible to operate in the EU. It will force companies to make a difficult decision. Since all data on EU citizens must now be physically stored in data centers on the continent, US tech giants will need to choose: either they build out the necessary infrastructure (server farms, etc), or they abandon their European business.