Peter Fleischer comments:
There are many people in Europe who would rather eat their “chapeau” than admit that non-European countries like the United States might have adequate privacy protection, based on long-standing cultural or ideological bias. In my opinion, it’s the European “adequacy” regime that has become inadequate in today’s world. It’s near the top of my list of things that need to be modernized in European privacy law. It’s a political/bureaucratic fiction that some countries provide “adequate” data protection, while others don’t, because the decision is based on criteria that have almost nothing to do with the level of data protection on the ground, in the real world. A country can’t be deemed “adequate” if it doesn’t have an EU-style data protection authority. But the idea is ludicrous to me that privacy somehow couldn’t be protected in countries without such an agency, and in fact, the vast majority of countries in the world don’t have such an agency. And whatever labels are applied, the reality, in the age of the Internet, is that data is flowing around the globe. To take one topical example, cyber attacks do not respect borders, and take no note of whether or not a target is based in a country with “adequate” data protection.
Read more on Peter Fleischer: Privacy…?