an assessment by the data exporter of whether the legal framework of the destination country provides effective protection for the data being transferred. If the TIA reveals that SCCs are insufficient (for example, because surveillance laws in the destination country allow bulk access to transferred