International transfers

This subtopic discusses the international transfer of personal data under the EU’s General Data Protection Regulation, Regulation (EU) 2016/679 (the EU GDPR). For an introduction to the EU GDPR regime generally, including the data protection principles, terminology, territorial scope and applicability, see Practice Note: The EU’s General Data Protection Regulation (EU GDPR).

The Chapter V restrictions

Article 44 of Regulation (EU) 2016/679, EU GDPR prohibits controllers and processors subject to the EU GDPR from transferring personal data to any country or territory outside the EEA or to an ‘international organisation’ unless the conditions laid out in Chapter V (Transfers of personal data to third countries or international organisations) of the EU GDPR are complied with.

An international organisation under the EU GDPR means any organisation (and its subordinate bodies) governed by public international law or any other body which is set up by, or on the basis of, an agreement between two or more countries.

The transfer restrictions apply both to the initial transfer, and to any onward transfer.

For more information, see Practice Note: EU GDPR—transfers of personal data internationally and to

To view the latest version of this document and thousands of others like it, sign-in with LexisNexis or register for a free trial.

TAKE A FREE TRIAL

Latest EU Law News

European Commission initiates review of Technology Transfer rules

The European Commission has published findings from its evaluation of Commission Regulation (EU) No 316/2014 (the Technology Transfer Block Exemption Regulation or TTBER) and accompanying Guidelines. The Commission has determined that while the rules have been largely effective, improvements are needed in areas such as market share thresholds, data licensing, and technology pools. The Commission will now launch an impact assessment to explore policy options for revising the rules before their expiration in April 2026. A public consultation is planned for December 2024, allowing stakeholders to provide input on potential changes to ensure the rules remain fit for purpose in the evolving technological landscape.4o

JRC identifies 18 product categories for potential EU ecodesign regulation

The Joint Research Centre (JRC) has published a report assessing various product categories for potential regulation under the new EU Regulation 2024/1781 (the Ecodesign for Sustainable Products Regulation (ESPR)). The JRC has identified 18 product groups, including both final and intermediate products, which show significant potential for reducing environmental impacts and enhancing EU strategic autonomy if regulated under the ESPR. The findings will inform the Commission's first ESPR Working Plan, due for adoption in the first half of 2025. The report also highlights the potential of horizontal requirements on durability, recyclability, and recycled content across multiple product groups.

Questions & unsatisfactory answers—the European Commission publishes guidance on the importer requirements of the EU Methane Regulation

EU Law analysis: Alex Kerr, partner at Baker Botts LLP, examines the European Commission’s Q&A document on the importer requirements of the EU Methane Regulation.

European Payments Council initiates call for interest in VOP scheme services

The European Payments Council (EPC) has issued a call for interest, inviting organisations to express their interest in providing services as routing and/or verification mechanisms (RVM) that comply with the verification of payee (VOP) scheme. The EPC developed the VOP scheme to help payment service providers (PSPs) in the European Union (EU) and the European Economic Area (EEA) comply with new regulatory requirements for payee verification, which will take effect on 5 October 2025. Responses are sought by 20 December 2024.