The transfer of personal data outside of the EU is only allowed under certain conditions as set out in Directive 95/46/EC and also in the General Data Protection Regulation which will be fully applicable as of May 2018. If a country is deemed by the European Commission to offer an adequate level of protection, it will be subject to the same rules as an EU Member State, which means that the recipient of the data in that state will not be obliged to take specific measures to allow for the transfer. Transferring data to a country without an adequacy decision requires appropriate safeguards, such as standard contractual clauses or binding corporate rules. Derogations to this rule can be obtained in very specific cases. The European Data Protection Board, of which the EDPS is a member, will provide the Commission with Opinions on this subject.
EDPS Opinion 20/2023 on the Proposal for a Regulation on the transfer of proceedings in criminal matters
Presentation of the EDPS Annual Report 2022 at Committee on Civil Liberties, Justice and Home Affairs (LIBE) by Wojciech Wiewiórowski, Brussels, Belgium
EDPS Formal comments on the draft Commission delegated Regulation amending Delegated Regulation (EU) 2019/1122 as regards the modernisation of the functioning of the Union Registry
EDPS Opinion on the negotiating mandate to conclude an international agreement on the exchange of personal data between Europol and Ecuadorian law enforcement authorities
EDPS Opinion on the Proposal for a Council Directive amending Directive 2011/16/EU on administrative cooperation in the field of taxation