The European Court of Justice declared invalid the Privacy Shield stating that it did not provide an adequate level of protection to personal data for data transfer between the EU and the US.
Therefore, data transfer between the EU and the US cannot be based on the Privacy Shield. Controllers need to implement additional and appropriate safeguards. The European Court of Justice left as other legal basis for data transfer the Standard Contractual Clauses and the Binding Corporate Rules.
If you need to know more about how to transfer data in third countries under the EU GPDR here you can find more information: