9 Matching Annotations
  1. May 2020
    1. The GDPR permits data transfers of EU resident data outside of the European Economic Area (EEA) only when in compliance with set conditions.
    1. the data subject has explicitly consented to the proposed transfer, after having been informed of the possible risks of such transfers for the data subject due to the absence of an adequacy decision and appropriate safeguards;
    2. In the absence of an adequacy decision pursuant to Article 45(3), or of appropriate safeguards pursuant to Article 46, including binding corporate rules, a transfer or a set of transfers of personal data to a third country or an international organisation shall take place only on one of the following conditions:

      These conditions are individually sufficient and jointly necessary (https://hyp.is/e0RRFJCfEeqwuR_MillmPA/en.wikipedia.org/wiki/Necessity_and_sufficiency).

      Each of the conditions listed is a sufficient (but, by itself, not necessary) condition for legal transfer (T) of personal data to a third country or an international organisation. In other words, if any of those conditions is true, then legal transfer is also true.

      On the other hand, the list of conditions (C; let C be the disjunction of the conditions a-g: a or b or c ...) are jointly necessary for legal transfer (T) to be true. That is:

      • T cannot be true unless C (one of a or b or c ...) is true
      • if C is false (there is not one of a or b or c ... that is true), then T is false
      • T ⇒ C
      • C ⇐ T
    1. EU law prohibits the personal data of EU citizens from being transferred outside the EU to countries which do not ensure an adequate level of protection for that data.
    2. This framework serves the purpose of protecting Europeans’ personal data after the transfer to the US and correlates with GDPR requirements for Cross Boarder Data Transfers.
    1. Meet specific requirements if transferring data outside of the EAA. The GDPR permits data transfers of EU resident data outside of the European Economic Area (EEA) only when in compliance with set conditions.
    1. the GDPR restricts transfers of personal data outside the EEA, or the protection of the GDPR, unless the rights of the individuals in respect of their personal data is protected in another way
  2. Nov 2017