European Union: Adopted Statement 02/2022 on data transfers to Russia

On 12 July 2022, the European Data Protection Board (EDPB) adopted Statement 02/2022 on transfers of personal data to the Russian Federation. The EDPB first notes that following the sanctions related to Russia's war in Ukraine and the consecutive exclusion of Russia from the Council of Europe, Russia is no longer a contracting party to the EU legal frameworks and protocols. In addition, the EDPB states that Russia does not benefit from an adequacy decision recognising that it provides an equivalent level of protection for personal data. As a result, the EDPB emphasises that transfers of personal data to Russia must be made using one of the mechanisms under Chapter V of the General Data Protection Regulation. The EDPB thus encourages data exporters to assess and identify the legal basis and ensure the application of appropriate safeguards.