In an era of constant advances in technology and social networks, the desire to protect consumer privacy has evolved. When consumers use social networks, they trade their personal data in exchange for the services offered by social networks. The relationship between consumers and social networks creates asymmetries in the amount of information held by each party. The European Union perceived a divergence in this area and, in order to protect consumers within the Union, adopted the General Data Protection Regulation (GDPR). The aim of the Regulation was to reduce information asymmetries by ensuring transparency of the practices used by social networks in collecting and processing consumer data. Personal data is an important element in international cooperation and international trade, where it is necessary to ensure that the country to which the personal data is transferred achieves the same level of protection as the EU. In the wake of the scandals in the United States of America, which showed the low level of protection of personal data in the US, the case law of the Court of Justice of the European Union (Schrems I and Schrems II) was developed as a response to the scandals. Even after the adoption of the GDPR, large social networks based in the US wanted to continue transferring personal data of individuals from the EU. They therefore seemingly aligned their operations with the provisions of the GDPR and continued to transfer. Data protection is a dynamic branch of law, which is still in a phase of development and refinement. Thus, many academics, European authorities and bodies and various organisations are offering solutions to improve the challenges faced by the GDPR in practice and are striving for a Regulation that will also offer consumers rights in practice.