The transfer of personal data outside of the EU is only allowed under certain conditions as set out in Directive 95/46/EC and also in the General Data Protection Regulation which will be fully applicable as of May 2018. If a country is deemed by the European Commission to offer an adequate level of protection, it will be subject to the same rules as an EU Member State, which means that the recipient of the data in that state will not be obliged to take specific measures to allow for the transfer. Transferring data to a country without an adequacy decision requires appropriate safeguards, such as standard contractual clauses or binding corporate rules. Derogations to this rule can be obtained in very specific cases. The European Data Protection Board, of which the EDPS is a member, will provide the Commission with Opinions on this subject.
EDPS Opinion 48/2023 on the Proposal for a Directive on European cross-border associations and the Proposal for a Regulation amending Regulations 1024/2012 and 2018/1724.
EDPS Opinion 47/2023 on the negotiating mandate for an Agreement between the EU and Switzerland on the transfer of Passenger Name Record data.
EDPS Opinion 45/2023 on the negotiating mandate for an Agreement between the EU and Norway on the transfer of Passenger Name Record data.
EDPS Opinion 46/2023 on the negotiating mandate for an Agreement between the EU and Iceland on the transfer of Passenger Name Record data.
Newsletter #104 is out now! Stay informed with us about new updates in the digital regulatory landscape, affecting the GDPR and transfers of personal data to the US. Technology specialist? Read about how to download our Website Evidence Collector 2.1.1. Also in this edition, learn more how can social media be both practical and privacy friendly? This issue is also part of our podcast series, the Newsletter Digest.