La presente informativa è resa, anche ai sensi dell’art. 13 del D. Lgs. 196/2003 “Codice in materia di protezione dei dati personali” (“Codice Privacy”) 
e degli artt. 13 e 14 del Regolamento (UE) 2016/679 (“GDPR”), a coloro che si collegano alla presente edizione online del giornale Tribuna Economica di proprietà di AFC Editore Soc. Coop. 

Leggi di più


The European Data Protection Supervisor (EDPS) issued a strategic document aiming to monitor compliance of European institutions, bodies, offices and agencies (EUIs) with the “Schrems II” Judgement in relation to transfers of personal data to third countries, and in particular,

the United States. The goal is that ongoing and future international transfers are carried out in accordance with EU data protection law.

Wojciech Wiewiórowski, EDPS, said: “Transfers of personal data by EUIs to third countries should comply with the EU Charter of Fundamental Rights, as well as applicable EU data protection legislation, specifically Chapter V of Regulation (EU) 2018/1725. To this end, the Strategy builds on the cooperation and accountability of controllers to assess whether the essentially equivalent standard of protection, based on the Court’s ruling, is guaranteed when transfers of personal data are made towards third countries. Furthermore, the EDPS will continue to closely cooperate with other Data Protection Authorities (DPAs) within the European Data Protection Board (EDPB) so that individuals’ personal data is consistently protected throughout the EU/EEA, when data transfers to third countries occur”.

The Judgement has far-reaching consequences on all legal tools used to transfer personal data from the EEA to any third country, including transfers between public authorities. While the strategy aims to bring all transfers into compliance with the Judgement in the medium term, the EDPS has identified two priorities to address in the short-term: ongoing controller to processor contracts and/or processor to sub-processor contracts involving transfers of data to third countries, with a particular emphasis on those carried out to the United States.

It is in this context that the EDPS has developed an action plan to streamline compliance and enforcement measures, distinguishing between short-term and medium-term compliance actions. 

As the Strategy continues to be implemented, the EDPS strongly encourages EUIs to avoid transfers of personal data towards the United States for new processing operations or new contracts with service providers.