Transfer of Personal Data to Third Countries and the “Equivalent Level” of Protection According to the European Court of Justice

Emanuela Furramani
University "Luigj "Gurakuqi, Shkoder, Albania


The focus of this study is the transfer of personal data to third countries or international organizations according to EU Regulation No. 679/2016 (GDPR) on the protection of personal data. The primary goal of this Regulation concerning data transfer to third countries is to ensure that the subject's rights and freedoms are safeguarded at the same level as provided by GDPR. According to GDPR, before any transfer to a third country or international organization, it must first be ascertained whether the European Commission has established that a third country ensures an adequate level of protection. Regarding personal data protection in the third state, the European Court of Justice has intervened on different occasions. In the last decision, in 2020, the European Court of Justice declared invalid the European Commission's Decision No. 2016/1250 on the adequacy of the protection provided by the EU-US Privacy Shield (Case Schrems II, 2020, July 16) because it does not provide effective and enforceable rights for personal data subjects in cases of interference. According to the European Court of Justice, the US does not guarantee an "essentially equivalent" level of protection to that provided by the European Union under Article 45(1) GDPR, read in conjunction with Articles 7, 8, and 47 of the European Union's Charter of Fundamental Rights, which guarantee respect for private and family life, personal data protection, and the right to effective judicial protection. Keywords: GDPR, personal data, transfer, third country, Privacy Shield.


Ask a question to the author or share your ideas about this paper