Abstract
This article develops and applies a multi-dimensional framework to demonstrate what a data protection adequacy assessment by the Commission entails. The framework illustrates by reference to adopted adequacy decisions and commentary on failed applications under Directive 95/46/ec (Directive) and the General Data Protection Regulation (GDPR) that four of the dimensions have a legal basis and have become more stringent over time. It also demonstrates that the Commission routinely acts as though there is another latent dimension, namely trade considerations, and this results in the adoption of deficient adequacy decisions. The model is also used to critically evaluate whether the EU is making progress in realising its goal of promoting its data protection standard as the global norm through the adoption of adequacy decisions.
Original language | English |
---|---|
Journal | Common Market Law Review |
Publication status | Accepted/In press - 20 Feb 2024 |
Keywords
- adequacy
- GDPR.
- data protection,
- Directive 95/46/ec,
- third country,
- personal data transfers,