The GDPR’s modernised ‘adequacy’ test in Art. 45 has sparked a hot debate among scholars and policy makers. The European Commission’s communication from 2016 ‘Exchanging and Protecting Personal Data in a Globalised World’ has shed some light into the procedure of adequacy assessments. It is still far from clear whether Art. 45 effectively guarantees the rights of individuals, or whether the mechanism can be interpreted in such a way, that it becomes more efficient. Whilst the European Commission has recognised Japan as having an adequate level of protection subject to several important restrictions, we may wonder whether the first application of the new catalogue of requirements in the GDPR’s Art. 45 can represent a model for other countries. This panel promises a topical discussion in light of the pending Court of Justice’s rulings and post-Brexit data flow arrangements.
• What are the implications of the adequacy finding in relation to Japan for other countries?
• Is the adequacy regime the bottleneck or the procedure?
• How can the EU adequacy mechanism become more efficient so as to protect individuals’ rights and support the global flow of personal data?
• Given the turn-around, how can the Commission re-assess all existing adequacy findings in the four years after the GDPR enters into force?