Abstract

Since the Schrems-II judgment, a discussion is taking place on solving the challenges organisations face when transferring personal data out of the European Economic Area: can they rely upon data transfer risk assessments, and may they also consider the likelihood of the risks actually occurring? If not, it seems unavoidable that many international data flows will either need to stop or continue illegally, since the threshold to transfer personal data would become too high to work with on a daily basis. This paper discusses why a risk-based approach to international transfers is both needed and legal, why the guidelines of the European Data Protection Board may be expecting too much from organisations and what a risk-based data transfer should mean in practice. Apart from legislative change, a solution can be found in increased accountability and transparency by organisations, to regain public trust. Keywords: data protection, international transfers, transfer risk assessment, accountability

Full Text
Paper version not known

Talk to us

Join us for a 30 min session where you can share your feedback and ask us any queries you have

Schedule a call

Similar Papers

Paper Title
Journal
Date
Author
Cross-Border Transfers of Personal Data After Schrems II: Supplementary Measures and new Standard Contractual Clauses (SCCs)
Marcelo Corrales Compagnucci ... Mateo Aboy
Nordic Journal of European Law | VOL. 4
Marcelo Corrales Compagnucci, et. al.Marcelo Corrales Compagnucci ... Mateo Aboy
30 Dec 2021
Data protection and research in the European Union: a major step forward, with a step back
P.G Casali ... M Vyas
Annals of Oncology | VOL. 32
P.G Casali, et. al.P.G Casali ... M Vyas
21 Oct 2020
Reliability of IP Geolocation Services for Assessing the Compliance of International Data Transfers
Miguel Cozar ... Jose M Del Alamo
-
Miguel Cozar, et. al.Miguel Cozar ... Jose M Del Alamo
01 Jun 2022
EU GDPR or APEC CBPR? A comparative analysis of the approach of the EU and APEC to cross border data transfers and protection of personal data in the IoT era
Clare Sullivan
Computer Law & Security Review | VOL. 35
Clare SullivanClare Sullivan
22 Jun 2019
View more papers

More From: European Data Protection Law Review

Paper Title
Journal
Date
Author
France and Germany ∙ Amazon Fined by CNIL for Excessive Monitoring of Employees in France – Is the Situation in Germany Contrary to This?
S Braun
European Data Protection Law Review | VOL. 10
S BraunS Braun
01 Jan 2024
CJEU: The Rating of a Natural Person’s Creditworthiness by a Credit Rating Agency Constitutes Profiling and Can Be an Automated Decision under Article 22 GDPR
J Horstmann
European Data Protection Law Review | VOL. 10
J HorstmannJ Horstmann
01 Jan 2024
Data Altruism, Personal Health Data and the Consent Challenge in Scientific Research:
G Chassang ... L Feriol
European Data Protection Law Review | VOL. 10
G Chassang, et. al.G Chassang ... L Feriol
01 Jan 2024
Google's Antitrust Quandary: Data Ecosystem Building
R Vandendriessche ... C Buts
European Data Protection Law Review | VOL. 10
R Vandendriessche, et. al.R Vandendriessche ... C Buts
01 Jan 2024
View more papers