_International Data Transfers
24/09/2025
The EU-U.S. Data Privacy Framework: LONG-AWAITED, READY TO BE CONTESTED, AND RAISING MORE QUESTIONS THAN ANSWERS
The EU-US Data Privacy Framework is finally a reality. Today the European Union announced the approval of the much-awaited Adequacy decision (see here), officially recognising the United States as a country that provides sufficient protections for the data of EU citizens which is transferred across the Atlantic. The decision comes following lengthy negotiations and a long period […]
10/07/2023
The EU-U.S. Data Privacy Framework: LONG-AWAITED, READY TO BE CONTESTED, AND RAISING MORE QUESTIONS THAN ANSWERS
The EU-US Data Privacy Framework is finally a reality. Today the European Union announced the approval of the much-awaited Adequacy decision (see here), officially recognising the United States as a country that provides sufficient protections for the data of EU citizens which is transferred across the Atlantic. The decision comes following lengthy negotiations and a long period […]
30/09/2021
Data geopolitics: The UK is moving fast on data transfers with possible adequacy for the Dubai International Financial Centre
The United Kingdom (UK) is demonstrating its agility on data transfers after leaving the European Union (EU). Through its global data plans and new strategic alliances (i.e., adequacy procedures) the UK is moving ahead to reshape international data flows and the global digital economy. The United States, Australia, the Republic of Korea, Singapore, the Dubai International Finance Centre, […]
24/09/2021
The future of EU-US data transfers
Last week I was interviewed by Laurie Clarke about the future of EU-US data transfers and what the US needs to do to make a new agreement a reality. Read “After a year of limbo a EU-US data privacy agreement still hangs in the balance” published in Tech Monitor, part of the New Statesman Media […]
28/06/2021
Habemus UK adequacy!
After many debates, lots of speculation, and negotiations, the Adequacy decisions for the United Kingdom have been approved and Personal Data can continue to flow freely from the EEA to the UK after 30 June 2021. In my opinion, it is both right and reasonable that the decisions have been adopted, given that the UK […]
31/03/2021
Would a US federal privacy law re-establish trusted EU-US data flows?
You might be aware that early last month US Congresswoman Suzan DelBene, Representing Washington’s 1st District, introduced the Information Transparency and Personal Data Control Act – in her words “legislation that would create a national data privacy standard to protect our most personal information and bring our [US] laws into the 21st Century.” Important aspects of the Information Transparency and Personal […]
03/09/2020
Schrems II – No legal certainty and no quick fixes! It’s a geopolitical matter before it’s a legal one. “A NEW AGE OF DATA TRANSFERS” PART IV
I just attended today’s online LIBE meeting on possible solutions following the CJEU’s “Schrems II” decision, where it was recognized that the question of data transfers to third countries is fundamentally a geopolitical matter before being a legal one. In this way, legal certainty should be re-established as soon as possible – but such an achievement […]
16/12/2019
Brexit and data protection: What’s next?
On 12 December 2019 in the UK general election, Boris Johnson secured his position as UK Prime Minister, with his Conservative party winning its first substantial majority in decades. The results of the election have set the way for the UK to exit the European Union by its scheduled exit date of 31 January 2020. The […]
23/10/2019
Results of the 3rd review of EU-U.S. Privacy Shield are finally here
Today, 23 October 2019, the European Commission published its report on the EU-U.S. Privacy Shield, to which approximately 5,000 companies are participating. The results of the Report are largely positive and confirm that the US ensures an adequate level of protection for the data transferred to it from the EU. Furthermore, in the Report, the […]
25/07/2019
Spain and Greece referred to CJEU for not transposing EU data protection rules into national law
The European Commission has referred Greece and Spain to the Court of Justice of the EU for failing to transpose the Data Protection Law Enforcement Directive, Directive (EU) 2016/680into their national law, which should have occurred by 6 May 2018. The purpose of the Directive is to ensure a high level of data protection and facilitate the exchanges of personal data […]