Actually, the fundamental rule of data protection legislation is that an organisation can store data on its subscribers and can not except in limited legally prescribed instances (e.g. lawful intercept, insurance fraud) share it with another organisation.
The issue at the core of the Schrems case is that Facebook for example is not bound to respect this, or any other fundaments of EU data protection law.
However, if you register with a website that is clearly and overtly outside your data protection jurisdiction then it is "you" who is freely providing that data. Just as you might give personal information over a transatlantic phone call.
The EU has no jurisdiction where the company is not in the EU, and cannot prevent an individual from sending their private information outside the jurisdiction if they want to.
But various of these multinationals such as Facebook are in the EU for various operational reasons and as such the EU does have jurisdiction over them.
The issue at the core of the Schrems case is that Facebook for example is not bound to respect this, or any other fundaments of EU data protection law.
However, if you register with a website that is clearly and overtly outside your data protection jurisdiction then it is "you" who is freely providing that data. Just as you might give personal information over a transatlantic phone call.
The EU has no jurisdiction where the company is not in the EU, and cannot prevent an individual from sending their private information outside the jurisdiction if they want to.
But various of these multinationals such as Facebook are in the EU for various operational reasons and as such the EU does have jurisdiction over them.