Global Data Protection Regulation: EU Road Part 4

Data can be transmitted around the world in a basically frictionless manner. EU has therefore attached its data protection system to all personal information from the EU, and has granted the EU authorities the "data embargo right" to prevent the export of data to countries that fail to meet EU privacy requirements. For a long time, the out-of-domain transmission standard of personal data has been the "adequacy" of data protection in foreign jurisdictions. In 1995, as the predecessor of the global data protection regulations, the Directive on Data Protection established the adequacy requirements for international data transmission. The adequacy requirement indicates that "the third state concerned will be allowed for international transfers only when they ensure an adequate level of protection".

The decision on adequacy will be taken by regulators at the level of Member States, although the committee itself is mandated to negotiate with countries with insufficient data protection. The Directive requires the Commission to maintain a white list of countries with adequate data protection. EU can transmit data to entities on this list and send information to countries on the white list without any further requirements, which is equivalent to transmission within EU. Today, the determination of adequacy requires a formal proposal by the Committee, is given views by European Data Protection Commission composed of representatives of data protection agencies of Member States, approved by representatives of member states of the "European Commission System" and finally got the adequacy decision of the members of the Council of Europe.