EDPB Clarifies Rules for Data Sharing with Third-Country Authorities and Approves EU Data Protection Seal Certification

 The European Data Protection Board (“EDPB”) has issued guidelines offering clarity on the interpretation and application of Article 48 General Data Protection Regulation (“GDPR”) regarding data transfers to third-country authorities (“Guidelines”) 02/2024 on 2 December 2024 and has also approved a new European Data Protection Seal.  

According to the Guidelines;

• The Guidelines have aimed to clarify the application of Article 48 of the GDPR, which addresses international requests for personal data transfers and disclosures.
• Public authorities in other countries have requested organizations to share personal data to collect evidence in the case of crime, monitor financial transactions or approve new medications.
• Decisions or rulings from third-country authorities will not be automatically recognized or enforced in Europe. If an organization responds to a personal data request from a third-country authority, this data flow constitutes a transfer and the GDPR applies.
• The Guidelines stipulate that any judgment or decision by a non-EU court or authority requiring data transfers can only be recognized or enforced if based on an international agreement, such as a mutual legal assistance treaty, or if it complies with other GDPR provisions.
• The Guidelines have been opened for public consultation until 27 January 2025.

European Data Protection Seal;

• The EDPB has approved the EU Data Protection Seal enabling organisations to demonstrate their GDPR compliance across all EU member states.
• This certification enhances transparency and builds consumer trust by demonstrating that organisations meet high data protection standards.

You can access the full text of the Guidelines here.

Kind regards,

Zumbul Attorneys-at-Law

info@zumbul.av.tr