ABSTRACT
Data controllers and processors may transfer personal data to third countries or international organisations only if the controller or processor has provided appropriate safeguards and on the condition that enforceable data subject rights and effective legal remedies for data subjects are available. It is crucial for data exporters and data importers to assess that the legislation of the destination country provides appropriate safeguards for lawful processing.
In this study, after conducting a legal analysis of the collected sources, the conflicts and problems in this area will be argued in the direction of the Court of Justice of the European Union (CJEU) decisions such as CJEU 16 July 2020, C-311/18, Schrems II. In the analysis of this topic, GDPR Articles 44 to 50 will be followed as guidance, as they detail the conditions for how such a transfer can occur even in the absence of an adequacy decision or appropriate safeguards. In this regard, I will start my research by explaining the general principles of data transfers and standard contractual clauses for international transfers. After emphasising the key concepts such as appropriate safeguards, and lawful processing; considering the adequacy decisions for third countries, I will elaborate on how to transfer data to third countries in compliance with the GDPR by preparing a checklist. While examining case laws related to Articles 44-50, I will also be looking for some examples of data protection legislation conflicts between EU countries and third countries.
Finally, I will conclude my research by making inferences about the subject with my own approach, and stating my views on the current problems related to this matter.
Öztürk, Özgün, Data Transfers out of the European Economic Area (June 27, 2022).
Leave a Reply