- Andrew MurrayAndrew MurrayProfessor of Law, London School of Economics and Political Science
This chapter examines how data flows are managed by the General Data Protection Regulation. Strict rules of equivalency manage transfers for non-EEA states and recent challenges to agreed data equivalency rulings, in particular, in the case of Maximillian Schrems v Data Protection Commissioner decision have proven challenging for regulators. This chapter will examine these challenges and what GDPR says is permissible and what is not in relation to transfers to third countries. In addition to the Schrems decision, the chapter also examines the more recent Digital Rights Ireland Ltd v European Commission and Data Protection Commissioner v Facebook Ireland Ltd and Maximillian Schrems cases.