This is something what I have been thinking for a long time now. Specifically the situation where an European journal activates PKP PLN and the data is moved to a server situated in USA or Canada.
The Safe Harbor agreement between the US and EU used to cover this until 2015, but not anymore Safe harbor (law) - Wikipedia.
See PKP PLN, EU and data privacy for an earlier topic. I have not found an answer for this question yet.
For Canada, see https://gowlingwlg.com/en/insights-resources/articles/2015/is-canada-safe-from-the-safe-harbor-decision