EDPB Issues Final Recommendations on Third Country Data Transfers

By Odia Kagan on June 22, 2021

Third country laws – more than meets the eye. In practice – problematic legislation in disguise.

The European Data Protection Board has issued a “Transformers” style plan for assessing whether or not you can transfer information to a third country.

Controllers and processors are to conduct a thorough risk assessment of the laws of the third country that are not essentially equivalent to the protection provided by the EU.
Even if the laws are seemingly fine, controllers need to see whether the public authorities actually breach the laws in their practice.
Finally, they are to review a slew of documentation, including case law, ACLU reports, NSA reports, and warrant canaries – and put them all in a detailed report to be used against them by the supervisory authority.

In the words of Megatron and Optimus Prime: Controllers, rise up and risk assess…

Deeper dive in this article from OneTrust DataGuidance with comments from David Dumont, Laura Léonard, Jimmy Orucevic, Dr. Carlo Piltz and me.

menu

Privacy Compliance & Data Security

About Our Firm

Categories

Archives