About | HeinOnline Law Journal Library | HeinOnline Law Journal Library | HeinOnline
LOG IN
LOG IN

25 J.L. Inf. & Sci. 49 (2017-2021)
'Adequate Level of Data Protection' in Third Countries Post-Schrems and under the General Data Protection Regulation

handle is hein.journals/jlinfos25 and id is 59 raw text is: 'Adequate level of data protection' in third countries post-Schrems and under the General Data Protection Regulation PAUL ROTH* Abstract This paper looks at the concept of an 'adequate level of protection' by third countries for the purposes of transferring data out of the European Union ('EU') and European Economic Area ('EEA')1 under the data protection Directive2 in the wake of the 2015 European Court of Justice ('ECJ')3 decision in Maximillian Schrems v Data Protection Commissioner (Ireland),4 as well as under the EU General Data Protection Regulation ('GDPR'),5 which comes into force on 6 May 2018. Introduction Under the Directive and the GDPR, if personal data is transferred outside EU Member States and they do not fall under one of the derogations set out in the Directive (art 26(1)) or the GDPR (art 49), the third country must ensure an adequate level of protection for those data under contractual clauses approved by a Member State, or the EU Standard Contractual Clauses or Binding Corporate Rules. Alternatively, the European Commission * Professor of Law, Faculty of Law, University of Otago, Dunedin, New Zealand. 1 The three additional EEA states are Iceland, Norway and Liechtenstein. The requirements of the Directive (as adapted) are applicable through the Agreement on the European Economic Area, signed 2 May 1992, [1994] OJ L 1/3 (entered into force 1 January 1994). 2 Directive 95/46/E C of the European Parliament and of the Council of 24 October 1995 on the protection of individuals with regard to the processing of personal data and on the free movement of such data [1995] OJ L 281/31 ('Directive'). 3 The common abbreviation ECJ is used throughout this paper in preference to 'CJEU' (Court of Justice of the European Union). 4 (Court of Justice of the European Union, C-362/14, 6 October 2015) ('Schrems'). 5 Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC (General Date Protection Regulation) [2016] OJ L 119/1 ('GDPR'). Nb. Information about volumetric and EAP page numbering is set out on page ii of this issue.

What Is HeinOnline?

HeinOnline is a subscription-based resource containing thousands of academic and legal journals from inception; complete coverage of government documents such as U.S. Statutes at Large, U.S. Code, Federal Register, Code of Federal Regulations, U.S. Reports, and much more. Documents are image-based, fully searchable PDFs with the authority of print combined with the accessibility of a user-friendly and powerful database. For more information, request a quote or trial for your organization below.



Short-term subscription options include 24 hours, 48 hours, or 1 week to HeinOnline.

Purchase Access

Contact us for annual subscription options:

Contact Us

Already a HeinOnline Subscriber?

Log In

profiles profiles most