The decision in Schrems II delivered by the Court of Justice in July 2020 (judgment of 16 July 2020, case C-311/18, Data Protection Commissioner v. Facebook Ireland Ltd and Maximillian Schrems) was, in many ways, foreseeable given the scheme and recent history of the Union’s privacy and data protection jurisprudence. Despite this, the decision has significant and far-reaching implications both for the protective standards afforded to personal data which are the subject of international data transfers and the role and responsibilities of data controllers where such transfers take place. More fundamentally, the decision also raises a series of further questions about the scope and reach of European data protection standards, the interpretation of the general Data Protection Regulation (GDPR) and the prospects of the United Kingdom in seeking an adequacy decision as a third country following Brexit.