"""The EU–US Privacy Shield was a legal framework for regulating transatlantic exchanges of personal data for commercial purposes between the European Union and the United States.[1] One of its purposes was to enable US companies to more easily receive personal data from EU entities under EU privacy laws meant to protect European Union citizens.[2] The EU–US Privacy Shield went into effect on 12 July 2016 following its approval by the European Commission. It was put in place to replace the International Safe Harbor Privacy Principles, which were declared invalid by the European Court of Justice in October 2015.[3] The ECJ declared the EU–US Privacy Shield invalid on 16 July 2020, in the case known as Schrems II.[4]""" - https://en.wikipedia.org/wiki/EU–US_Privacy_Shield
You don't need a hypothetical question for this:
"""The EU–US Privacy Shield was a legal framework for regulating transatlantic exchanges of personal data for commercial purposes between the European Union and the United States.[1] One of its purposes was to enable US companies to more easily receive personal data from EU entities under EU privacy laws meant to protect European Union citizens.[2] The EU–US Privacy Shield went into effect on 12 July 2016 following its approval by the European Commission. It was put in place to replace the International Safe Harbor Privacy Principles, which were declared invalid by the European Court of Justice in October 2015.[3] The ECJ declared the EU–US Privacy Shield invalid on 16 July 2020, in the case known as Schrems II.[4]""" - https://en.wikipedia.org/wiki/EU–US_Privacy_Shield
Also see https://en.wikipedia.org/wiki/Max_Schrems
Also, Microsoft had a specific problem with legal jurisdiction, because first the FBI then a US court ordered it to hand over data from a server in Ireland that EU/Irish law prohibited it from handing over: https://www.irishtimes.com/business/technology/microsoft-ire... and https://en.wikipedia.org/wiki/Microsoft_Corp._v._United_Stat...