In the continuity of the GDPR, a judgment of the Court of Justice of the European Union recently strengthened the protection of personal data by invalidating the " Privacy Shield ", which allowed their transfer to American operators adhering to certain protection principles without further formality. Concretely, on the perimeter of the Purchases and in particular in the context of the operation of information systems, this so-called "Schrems II" decision should lead companies to favour the use of third parties or subcontractors established either within the European Union or in other countries by ensuring, for example through specific contractual clauses, that they do not have laws allowing state agencies to access data of European residents. Such a logic would be implemented in more than 60% of the regions of the world, as in China through the PIPL (Personal information protection law).