European data privacy laws prohibit the transfer of personal data to jurisdictions whose laws don’t provide protection for personal data equivalent to that provided in Europe (the “adequacy requirement”). At present, only a limited number of jurisdictions have laws — and the U.S. isn’t among them — that satisfy this requirement.

They’re Argentina, Canada and Switzerland, and two British Crown dependencies, the Bailiwick of Guernsey and the Isle of Man. (Guernsey and the Isle of Man are possessions of the British Crown. They’re internally self-governing dependencies, and not sovereign nations, and they aren’t part of the United Kingdom (as overseas territories or otherwise) or members of the EU. (See CIA World FactBook.)