In a world that is digitalising at high speed, organisations may be presented with requests to share personal data by foreign government agencies. This might include gathering evidence of a crime or monitoring financial transactions, for instance. The European Data Protection Board (EDPB) has further clarified its regulations for sharing personal data with public authorities based outside the European Economic Area (EEA). The EEA includes all EU countries plus Liechtenstein, Norway and Iceland.
New guidelines
On receiving a request from a non-EU authority, European organisations must comply with the (Dutch) Data Processing Agreement (DPA). The EDPB’s new guidelines help organisations to determine both whether and how to share personal data in any such situation. The guidelines will specifically address requests that arise from court rulings or decisions.
Public consultation
You will have the opportunity to submit your comments on these new guidelines until 27 January 2025. After this consultation period, the EDPB will finalise the guidelines. Please visit the Dutch DPA website for further information on how to submit your input.
