For the second day running, the European courts have handed down a judgement with significant implications for Irish and European citizens, regulators and companies.

Yesterday it was all about tax.

But today's ruling was about privacy and data protection.

So what happened today?

The EU's highest court gave its judgement in a long-running case involving the Irish Data Protection Commission (DPC), Facebook and Austrian privacy activist Max Schrems.

The nitty-gritty of the case is very complex.

But essentially, what was at question was whether legal mechanisms called Standard Contractual Clauses (SCCs), which are used by Facebook and countless other companies to move citizens' personal data between Europe and the US, afford adequate protection to that data.

Mr Schrems had previously complained that because the US government carries out surveillance, personal data sent there by Facebook and other big tech firms operating in Europe could not be guaranteed the same level of protection as it would get if it remained in Europe, where we have strong privacy rules thanks to the General Data Protection Regulation (GDPR).

The Irish DPC wanted the court to decide whether SCCs were watertight in this regard and by taking a case against Facebook and Schrems, it managed to get it before the European court, via the Irish High Court which referred it there.

And what did the European court decide?

In essence it found that SCCs were a valid mechanism for moving personal data from Europe to other countries where a data protection adequacy agreement is not already in place.

But it put a caveat in there, by saying this is only as long as data protection regulators and the companies that use such contracts can guarantee that third countries are able to enforce the data protections the contracts contain.

If they cannot do that, then the companies should not send the data. And if they persist in doing so, then it is up to regulators, like the Irish DPC, to suspend or prohibit the transfers from taking place.

However, the court also had a bit of a surprise up its sleeve.

It found that the existing legal agreement between the EU and US governing transfers of personal data, called Privacy Shield, was invalid.

Privacy Shield had only been in place for a few years because its predecessor, called Safe Harbour, had also been struck down by the European courts because it did not provide enough protection for data.

Privacy Shield was supposed to be better, stronger and more water-tight than Safe Harbour.

But once again, the court found that the latest iteration of the accord also fell short, as it did not meet the standard of protection for EU citizens which is guaranteed by GDPR.

The judges ruled that under Privacy Shield any decisions by the US national security services had "primacy" and this therefore "condoned" interference with the fundamental rights of EU citizens whose data were transferred to the US.

In other words, European citizens' data was not guaranteed to be kept private once in the US.

So who won then?

That depends on who you ask.

As with all such cases, there was a broad welcome for the clarity the judgement brought.

Max Schrems claimed a near complete victory, saying the court had followed his organisation NOYB's arguments in nearly every respect.

"This is a total blow to the Irish DPC and Facebook. It is clear that the US will have to seriously change their surveillance laws, if US companies want to continue to play a major role on the EU market," he stated.

But likewise, Facebook also appeared to claim something of a victory, welcoming the confirmation of the validity of SCCs for transfers of data to non-EU countries.

"They are used by Facebook and thousands of businesses in Europe and provide important safeguards to protect the data of EU citizens," it said.

However, a reading of the Data Protection Commission's reaction would seem to suggest Facebook might be missing the point a bit here.

The DPC welcomed the judgement and claimed that in terms of the points of principle in play, the court has endorsed its position.

But it also said that while the court has ruled that Standard Contractual Clauses used to transfer data to countries worldwide are valid, it is clear that in practice, the application of the SCCs to transfers of personal data to the United States is now "questionable".

"This is an issue that will require further and careful examination, not least because assessments will need to be made on a case by case basis," it said.

In other words, the DPC seems to be suggesting that when the case comes back to the High Court here, and is likely then referred back to the DPC to consider Mr Schrems's original complaint in light of the judgement, the DPC may find it difficult to allow Facebook (and others) to continue sending personal data to the US.

So Facebook and others may have to change what they do with my data in the future. But what are the implications of all this for my data right now?

Well, one would hope that companies moving data from Europe around the world had contingency plans in place for all eventualities, and so there should be no disruption to services from the striking down of Privacy Shield or from the doubt that now hangs over the use of SCCs for data exports to certain countries.

But if some of the 5,000 companies that use it were solely reliant on Privacy Shield for moving data, they will have to react pretty sharpish to put another legal mechanism in place, or stop sending the data to the US and store or process it in Europe instead.

Data that is deemed "essential" can continue to move backwards and forwards without any great concern.

That includes emails, airline bookings, messages or direct private use of US-based services.

And transfers of data that do not contain personal data can also continue, such as streaming services.

In essence though, it is unlikely that your favourite social media platform, messaging service or other app will stop working overnight tonight.

It all sounds pretty costly

Yes, undoubtedly it has created a big headache not only for the European Commission, US government and regulators, but also for companies.

Firms would have incurred costs in setting themselves up to be certified under Privacy Shield, and they will now incur additional cost moving to SCCs.

Such alternatives may also not be as flexible a mechanism, as the companies have to conclude separate contracts with each processor that they send personal data to. There will therefore be costs here too.

But doing nothing is not an option either, because the fines for not adequately protecting user data under GDPR are potentially huge, at 4% of global turnover or €20 million.

Perhaps particularly ironic, though, is that it seems that in taking this case, the Irish DPC has potentially brought a raft of new work down upon itself.