A critical evaluation of the evolution of EU data protection adequacy assessments and their effectiveness as a mechanism for promoting EU data protection standards as the global norm

Research output: Contribution to journalArticlepeer-review


This article develops and applies a multi-dimensional framework to demonstrate what a data protection adequacy assessment by the Commission entails. The framework illustrates by reference to adopted adequacy decisions and commentary on failed applications under Directive 95/46/ec (Directive) and the General Data Protection Regulation (GDPR) that four of the dimensions have a legal basis and have become more stringent over time. It also demonstrates that the Commission routinely acts as though there is another latent dimension, namely trade considerations, and this results in the adoption of deficient adequacy decisions. The model is also used to critically evaluate whether the EU is making progress in realising its goal of promoting its data protection standard as the global norm through the adoption of adequacy decisions.
Original languageEnglish
JournalCommon Market Law Review
Publication statusAccepted/In press - 20 Feb 2024


  • adequacy
  • GDPR.
  • data protection,
  • Directive 95/46/ec,
  • third country,
  • personal data transfers,

Cite this