This post describes a newly available resource for studying the effects of data localization within the European Union, a prospect that has become newly relevant in the wake of this year’s decision in Schrems II by the Court of Justice for the European Union (CJEU).  In 1998, I co-authored a book entitled, “None of Your Business: World Data Flows, Electronic Commerce, and the European Privacy Directive.”[1] This month the Brookings Institution, for the first time, has made the text of [...]

Three Scenarios for the Way Forward (and a Recommendation) Despite the very short available time, I have tried in Part 1 and Part 2 of this article to carefully review the EEGs and Supplementary Measures guidelines. Based on my review, there are two central conclusions that emerge from the EDPB publications on November 11: (1) Third countries might rarely if ever meet the EEG requirements. This means that, beyond the 8 sovereign States/12 entities that have the opportunity of benefiting today from [...]

In the first part of this analysis, published here, I explained why a great number of third countries might not meet the “Essential European Guarantees” (EEG) as set forth by the EDPB. In the second part of this paper I will assess the important difficulties entities will face in using supplementary measures that would enable transfers to countries that lack such guarantees. Tomorrow morning the ELB will publish the final part of this article which includes a discussion of three [...]

No, there has been no new “Schrems” judgment from the CJEU. But the publication of the post-Schrems II “Recommendations” by the European Data Protection Board (EDPB) on November 11, 2020, is such a huge aftershock than one could mistake it for an entirely new earthquake shaking the international data transfer system. [...]