European Union: EPDB closes consultation on Guidelines on data transfers to third country authorities (Art. 48 GDPR)

On 27 January 2025, the European Data Protection Board (EPDB) closed its public consultation on Guidelines on Article 48 of GDPR. These Guidelines elaborate on Article 48, which governs the transfer of personal data to authorities in non-EU countries (third countries). The Guidelines emphasise the EU's legal sovereignty, prohibiting the automatic recognition of judgments from third-country authorities unless supported by an international agreement. These Guidelines are intended to assist organisations in ensuring GDPR compliance when transferring personal data, requiring a legal basis under Article 6 (e.g., legal obligations) and adherence to Chapter V mechanisms, such as adequacy decisions or safeguards. Article 49 allows for exceptions considered on a case-by-case basis, but these must be rare and justified.