資料的自由流動是國際貿易的基石，跨境傳輸所分享的資料構築了商業交易的基礎，也藉此促進國際之間的合作，一旦國際資料傳輸機制發生任何變化，都將帶來重大的影響，因為這意味著具有新的合規要求，複雜之餘，有時甚至採取和先前完全不同的模式。除此之外，正因發展程度和隱私概念的不同，各個國家和區域間對於國際資料傳輸也都採取不同的治理模式，企業們也因而需要不斷關注個資領域中具有指標性意義法規範的變化。
歐洲聯盟法院在2020年針對歐美跨境資料傳輸做出了一個具有里程碑意義的決定，其雖然將隱私盾決定宣告無效，但仍然認定歐盟執委會所做出有關標準契約條款的決定是有效的，歐美之間將可以繼續使用契約方式進行跨境資料傳輸；在這樣的前提下，此份判決提出了關於資料保護標準的補充措施要求，也開始關注資料輸出者、資料輸入者在面臨當地法律和政府近用要求影響遵守契約時的相關責任。除此之外，判決也延伸出有關資料保護的補充性措施和GDPR第3條域外效力與第5章國際傳輸間適用關係的討論。歐盟既然身為台灣重要的政經夥伴之一，本論文也將為做為資料輸入者的台灣企業分析此份最新SCCs設計內容及契約遵守上需注意的議題。
本論文除關注台灣做為歐盟資料輸入者的腳色外，也同樣關心應如何安全且不喪失原先應有保護程度地輸出台灣資料至境外第三國。為了透徹研究如何以契約作為資料保護工具，本論文除歐盟標準契約條款外，也一併研究了東南亞國協和紐西蘭的契約版本，並最終提出台灣自有的國際資料傳輸契約條款。

The free flow of data is the cornerstone of international business. Through cross border data transfer, data sharing underpins business transactions and supports international cooperation. Any change to the scheme of international data transfer will have far-reaching impacts, as they usually bring up new compliance requirements, which can be complex and sometimes even totally different than before. Furthermore, with different levels of development and mindset of privacy, countries are taking diverging approaches to govern international data transfers. Hence, companies must keep tracks of the change of leading legislations.
In 2020, the European Court of Justice, again, delivered a landmark decision, which deals with international data transfers between the European Union and the United States. The so-called Schrems II judgment, on the one hand, invalidates the Privacy Shield agreement, while, on the other hand, upholds the commission’s decision on standard contractual clauses (SCCs) for the transfer of personal data to a third country. Data transfer from the EU to the US after Schrems II could keep using SCCs as a compliance tool. The judgment, however, has significant implications for the data protection requirements and the responsibility of data exporters and data importers, especially when local laws and government access requests affect the compliance with the SCCs. In addition, the application of SCCs also raises further discussions about new data protection supplementary measures and the relation between article 3 and chapter 5 of the GDPR. As EU is one of Taiwan’s important economic and political partners, this study, therefore, analyzes the latest developments of SCCs and relevant compliance issues for the company as a data importer in Taiwan.
This study has focused on not only how to import personal data from the EU but also how to export Taiwan’s personal data safely and maintain the same level of protection to other third countries. In order to thoroughly understand how to adopt contractual clauses as a compliance tool for data protection, in addition to EU’s SCCs, this study further analyzes Model Contractual Clauses from The Association of Southern Asian Nations and the Model Contract from New Zealand. In the end, this study will propose Taiwan’s own standard contractual clauses for international data transfer.

第一章 緒論 1
第一節 問題意識 1
第二節 研究方法、範圍與研究架構 5
第二章 歐盟針對跨境資料傳輸之管制 9
第一節 歐盟針對跨境資料傳輸之規範發展 9
第二節 Schrems案之判決背景及發展 22
第三節 EDPB之保護措施建議及新SCCs最終版本 43
第三章 亞太地區之跨境資料傳輸工具 89
第一節 東南亞國協 91
第二節 紐西蘭跨境資料傳輸概論 108
第四章 台灣跨境資料傳輸管理及新發展之因應 124
第一節 我國接收來自歐盟資料跨境傳輸之現況與分析 125
第二節 我國資料向外跨境傳輸之現行規範與分析 137
第三節 我國作為資料輸出國的下一步：提出自有契約版本 147
第五章 結論 161
參考文獻 166

一、 中文文獻
（一） 專書
李惠宗（2015），憲法要義，7版，台北：元照。
法治斌、董保城（2020），憲法新論，7版，台北：元照。
Brad Smith，Carol Ann Browne著，孔令新譯（2020），未來科技的15道難題，台北：商周。[Brad Smith, Carol Ann Browne. 2020. Tools and Weapons: The Problem and the Peril of the Digital Age. London: Hachette UK.]
（二） 期刊論文
林其樺，戴豪君（2018），政府與產業因應GDPR之調適措施，台灣經濟論衡，第16卷第3期，頁16。
李世德（2018），GDPR與我國個人資料保護法之比較分析，台灣經濟論衡，第16卷第3期，頁69-93。
邵慶平（2009），規範競爭理論與公司證券法制的建構間對台灣法制的可能啟示，國立臺灣大學法學論叢，38:1期，頁1-59。
孫鈺婷（2016），歐美跨境資料傳輸新框架—從歐美安全港協議無效談起，科技法律透析，第28卷第7期，頁22-30。
郭戎晉（2015），個人資料跨境傳輸之法律研究，科技法律透析，第27卷第8期，頁28-55。
郭戎晉（2020），論歐盟個人資料保護立法域外效力規定暨適用問題，政大法學評論，第161期，頁1-70。
陳秭璇（2013），我國個資法對於國際傳輸之限制，科技法律透析，第25卷第10期，頁20-25。
張藏文（2020），定型化契約應記載或不得記載事項與行政管制-以國內線航空乘客運送契約為例，消費者保護研究，第24輯，頁185-227。
廖淑君（2020），論我國因應GDPR施行之措施-以個人資料之跨境傳輸為核心議題，商業法律與財經期刊，第3卷第1期，頁115-140。
謝哲勝（2005），契約自治與管制，月旦法學雜誌，第125期，頁23-30。
（三） 碩博士論文
林詩韻（2012），銀行國際傳輸客戶資料保戶規範-以英國法為中心，國立政治大學法學院碩士班論文。
葉子齊（2020），資料跨境傳輸之國際規範實踐與我國法相關規定之因應，交通大學科技法律研究所學位論文。
（四） 政府相關文書、報告
文化部（2021），香港國安法迫害蘋果日報 文化部函令限制「不得跨境資料傳輸」，https://www.moc.gov.tw/information_250_141982.html。
公共政策網路參與平台，要求交通部限制旅行業將消費者個資傳輸至中國，https://join.gov.tw/idea/detail/61dd5686-f38c-46c8-8b95-a0e736bb93be?fbclid=IwAR3qDJvUhByCqi8E_CDCzQfZ2c5JEgw28cUs2sBmCsc7tZk739o2JsOtqo8#endorses。
中華民國大陸委員會（2010），金管會對於聯徵中心信用資訊查詢作業安全控管機制之說明， https://www.mac.gov.tw/News_Content.aspx?n=57C834CE11740872&sms=8E0A247A631E0960&s=881E30955C3627BB。
立法院（2018），立法院議案關係文書院總第1570號委員提案第22621號， https://lci.ly.gov.tw/LyLCEW/agenda1/02/pdf/09/06/13/LCEWA01_090613_00014.pdf。
立法院（2019），立法院議案關係文書院總第1570號委員提案第23196號，https://lci.ly.gov.tw/LyLCEW/agenda1/02/pdf/09/07/10/LCEWA01_090710_00044.pdf。
立法院（2020），立法院議案關係文書院總第1570號委員提案第25284號， https://lci.ly.gov.tw/LyLCEW/agenda1/02/pdf/10/02/04/LCEWA01_100204_00037.pdf。
行政院，定型化契約範本，https://www.ey.gov.tw/Page/37D1D3EDDE2438F8。
國家發展委員會（2019），國發會推動個資法修法，力拼GDPR適足性認定，https://www.ndc.gov.tw/nc_27_33660。
國家發展委員會，個人資料保護專區，https://pipa.ndc.gov.tw/News.aspx?n=B1C4E8AEFEB6857C&page=2&PageSize=20。
國家發展委員會（2018），歐盟 GDPR 適足性相關文件與判決之對外說明資料結案報告，頁1-116。
經濟部（2020），經濟部個人資料保護作業手冊。
（五） 網路資料
花俊傑，ISO/IEC 27701隱私保護國際標準新登場，BSI英國標準協會，https://www.bsigroup.com/localfiles/zh-tw/e-news/no187/iso-27701-pims-standard-published-jack-hua.pdf。
財團法人資訊工業策進會（2021），全球第九全臺第一！資策會成臺灣APEC跨境隱私規則當責機構，https://www.iii.org.tw/Press/NewsDtl.aspx?nsp_sqno=2356&fm_sqno=14。
達文西個資暨高科技法律事務所（2020），【快訊】個資法全文修正腳步近了？—立法委員提出修正草案，https://www.davinci.idv.tw/news/874。
達文西個資暨高科技法律事務所（2021），GDPR新修正SCC條款之分析。
廖昱涵（2020），公民團體揭露：臺灣最大網路旅行社易遊網遭「中國政協」實質控制， https://musou.watchout.tw/read/jUjwewE0m5GI54LrWwhd。
鍾秉哲（2021），中資滲透旅行社民團憂台人個資外洩，http://www.newspeople.com.tw/nissue-210223-01/。
羅志華（2021），台灣滴滴打車遭爆屬陸資「事涉國安」女老闆變沒事了，https://www.ettoday.net/news/20210506/1975911.htm。
二、 英文文獻
（一） 專書
Peter Carey. 2018. Data Protection: A Practical Guide to UK and EU Law. Oxford University Press fifth edition.
（二） 期刊論文
Alyssa Coley. 2017. International Data Transfers: The Effect of Divergent Cultural Views in Privacy Causes Deji' Vu. Hastings Law Journal 68(5):1111-1134.
Andraya Flor. 2021. The Impact of Schrems II: Next Steps for U.S. Data Privacy Law. Notre Dame Law Review 96(5):2035-2058.
Benjamin Wong. 2020. Data Localization and ASEAN Economic Community. Asian Journal of International Law 10(1):158-180.
Christopher Kuner. 2021. Territorial Scope and Data Transfer Rules in the GDPR: Realising the EU’s Ambition of Borderless Data Protection. University of Cambridge Faculty of Law Research Paper 20/2021:1-36.
Chiara Bertoldi. 2022. The New European Commission Decision on Standard Contractual Clauses: A System Reform? European Papers 2021 6(3):1363-1365.
Laura Bradford, Mateo Aboy, Kathleen Liddell. 2021. Standard Contractual Clauses for Cross-Border Transfers of Health Data After Schrems II. Journal of Law and the Biosciences 8(1):1-36.
Marc Rotenberg. 2020. Schrems II, from Snowden to China: Toward a New Alignment on Translantic Data Protection. European Law Journal 26(1-2):141-152.
Marco Botta, Klaus Wiedemann. 2019. The Interaction of EU Competition, Consumer, and Data Protection Law in the Digital Economy: The Regulatory Dilemma in the Facebook Odyssey. The Antitrust Bulletin 64(3):428-446.
Maria Helen Murphy. 2022. Assessing the Implication of Schrems II for EU-US Data Flow. International and Comparative Law Quarterly 71(1):245-262.
Michal Gal, Oshrit Aviv. 2020. The Competitive Effects of the GDPR. Journal of Competition Law and Economics (2020):1-37.
Graham Greenleaf. 2021. ASEAN Model Contractual Clauses: Low and Ambiguous Data Privacy Standards. Privacy Laws & Business International Report 22-24, UNSW Law Research Paper No. 21-83:1-6.
Gürkan Çapar. 2022. Global Regulatory Competition on Digital Rights and Data Protection: A Novel and Contractive Form of Eurocentrism? Global Constitutionalism 1-29.
Rósín Áine Costello. 2020. Schrems II：Everything Is Illuminated? European Forum 15:1045-1059.
Simon Gunst, Ferdi De Ville. 2021. The Brussels Effect: How the GDPR Conquered Silicon Valley. European Foreign Affairs Review 26(3):437-458.
Stefano Fantin. 2020. Data Protection Commissioner v Facebook Ireland Limited: AG Discusses the Validity of Standard Contractual Clauses and Raises the Concerns over Privacy Shield. European Data Protection Law Review 6(2):325-331.
（三） 國際組織文件和各國政府相關文書
Asia-Pacific Economic Coporation. 2021. What is the Cross-Border Privacy Rules System. Available at https://www.apec.org/about-us/about-apec/fact-sheets/what-is-the-cross-border-privacy-rules-system
Association of Southeast Asisan Nations. 2016. ASEAN Framework on Personal Data Protection. Available at https://asean.org/wp-content/uploads/2012/05/10-ASEAN-Framework-on-PDP.pdf
Association of Southeast Asisan Nations. 2017. ASEAN Framework on Digital Data Governace. Available at https://asean.org/wp-content/uploads/2012/05/6B-ASEAN-Framework-on-Digital-Data-Governance_Endorsedv1.pdf
Association of Southeast Asisan Nations. 2021. ASEAN Data Management Framework. Available at https://asean.org/wp-content/uploads/2-ASEAN-Data-Management-Framework_Final.pdf
Association of Southeast Asisan Nations. 2021. ASEAN Model Contractual Clauses for Cross Border Data Flows. Available at https://asean.org/wp-content/uploads/3-ASEAN-Model-Contractual-Clauses-for-Cross-Border-Data-Flows_Final.pdf
Data Protection Commission. 2020. DPC Statement on CJEU Decision. Available at https://www.dataprotection.ie/en/news-media/press-releases/dpc-statement-cjeu-decision
Department of Commerce. 2020. Information on U.S. Privacy Safeguards Relevant to SCCs and Other EU Legal Bases for EU-U.S. Data Transfers After Schrems II. Available at https://www.commerce.gov/sites/default/files/2020-09/SCCsWhitePaperFORMATTEDFINAL508COMPLIANT.PDF
European Commision. Adequacy Decision. Available at https://ec.europa.eu/info/law/law-topic/data-protection/international-dimension-data-protection/adequacy-decisions_en
European Commision. Binding Corporate Rules. Available at https://ec.europa.eu/info/law/law-topic/data-protection/international-dimension-data-protection/binding-corporate-rules-bcr_en
European Commision. Opinions and Recommendations. Available at https://ec.europa.eu/justice/article-29/documentation/opinion-recommendation/index_en.htm.
European Commission. 2019. Commission Implementing Decision (EU) 2019/419 of 23 January 2019 Pursuant to Regulation (EU) 2016/679 of the European Parliament and of the Council on the Adequate Protection of Personal Data by Japan under the Act on the Protection of Personal Information. Available at https://eur-lex.europa.eu/legal-content/EN/TXT/PDF/?uri=CELEX:32019D0419&rid=10
European Commsion. 2020. Draft Implementing Decision on Standard Contractual Clauses for the Transfer of Personal Data to Third CountriesPpursuant to Regulation (EU) 2016/679 of the European Parliament of the Council. Available at https://ec.europa.eu/info/law/better-regulation/have-your-say/initiatives/12741-Commission-Implementing-Decision-on-standard-contractual-clauses-for-the-transfer-of-personal-data-to-third-countries
European Commision. 2020. Joint Press Statement from European Commissioner for Justice Didier Reynders and U.S. Secretary of Commerce Wilbur Ross. Available at https://ec.europa.eu/newsroom/just/items/684836/en
European Commission. 2021. European Commission Adopts new tools for Safe Exchanges of Personal Data. Availablte at https://ec.europa.eu/commission/presscorner/detail/fi/ip_21_2847
European Commision. 2022. European Commission and United States Joint Statement on Trans-Atlantic Data Privacy Framework. Available at https://ec.europa.eu/commission/presscorner/detail/en/IP_22_2087
European Commision. 2022. The New Standard Contractual Clauses- Questions and Answers. Available at https://ec.europa.eu/info/sites/default/files/questions_answers_on_sccs_en.pdf
European Data Protection Board. Approved Binding Corporate Rules. Available at https://edpb.europa.eu/our-work-tools/accountability-tools/bcr_en?page=2
European Data Protection Board. Code of Conduct. Available at https://edpb.europa.eu/our-work-tools/our-documents/topic/code-conduct_en
European Data Protection Board. 2018. Endorsement of GDPR WP29 Guidelines by the EDPB. Available at https://edpb.europa.eu/news/news/2018/endorsement-gdpr-wp29-guidelines-edpb_en
European Data Protection Board. 2018. Guidelines 2/2018 on Derogations of Article 49 under Regulation 2016/679. Available at https://edpb.europa.eu/sites/edpb/files/files/file1/edpb_guidelines_2_2018_derogations_en.pdf
European Data Protection Board. 2019. Guidelines 1/2018 on Certification and Identifying Certification Criteria in Accordance with Articles 42 and 43 of the Regulation(ver.3). Available at https://edpb.europa.eu/sites/default/files/files/file1/edpb_guidelines_201801_v3.0_certificationcriteria_annex2_en.pdf
European Data Protection Board. 2019. Guideline 1/2019 on Codes of Conduct and Monitoring Bodies under Regulation 2016/679. Available at https://edpb.europa.eu/our-work-tools/documents/public-consultations/2019/guidelines-12019-codes-conduct-and-monitoring_en
European Data Protection Board. 2019. Guideline 3/2018 on the Territorial Scope of the GDPR (Article 3), ver.2. Available at https://edpb.europa.eu/our-work-tools/our-documents/guidelines/guidelines-32018-territorial-scope-gdpr-article-3-version_en
European Data Protection Board. 2020. Frequently Asked Questions on the Judgment of the Court of Justice of the European Union in Case C-311/18 – Data Protection Commissioner v Facebook Ireland Ltd and Maximillian Schrems. Available at https://edpb.europa.eu/sites/edpb/files/files/file1/20200724_edpb_faqoncjeuc31118_en.pdf
European Data Protection Broad. 2020. Guidelines 07/2020 on the Concepts of Controller and Processor in the GDPR. Availablte at https://edpb.europa.eu/our-work-tools/documents/public-consultations/2020/guidelines-072020-concepts-controller-and_en
European Data Protection Board. 2020. Recommendation 01/2020 Measures That Supplement Transfer Tools to Ensure Compliance with the EU Level of Protection of Personal Data. Available at https://edpb.europa.eu/our-work-tools/public-consultations-art-704/2020/recommendations-012020-measures-supplement-transfer_en
European Data Protection Board. 2020. Recommendations 02/2020 on the European Essential Guarantees for Surveillance measures. Available at https://edpb.europa.eu/our-work-tools/our-documents/preporki/recommendations-022020-european-essential-guarantees_en
European Data Protection Board. 2021. 54th Plenary Meeting. Available at https://edpb.europa.eu/system/files/2021-10/20210914plenfinalminutes_54thplenary_public.pdf
European Data Protection Board. 2021. EDPB Adopts Final Version of Recommendations on Supplementary Measures, Letter to EU Institutions on the Privacy and Data Protection Aspects of a Possible Digital Euro, and Designates Three EDPB Members to the ETIAS Fundamental Rights Guidance Board. Available at https://edpb.europa.eu/news/news/2021/edpb-adopts-final-version-recommendations-supplementary-measures-letter-eu_en
European Data Protection Board. 2021. EDPB-EDPS Joint Opinion 2/2021 on the European Commission’s Implementing Decision on Standard Contractual Clauses for the Transfer of Personal Data to Third Countries. Available at https://edpb.europa.eu/our-work-tools/our-documents/edpbedps-joint-opinion/edpb-edps-joint-opinion-22021-standard_en
European Data Protection Board. 2021. Guidelines 04/2021 on Codes of Conduct as Tools for Transfers. Available at https://edpb.europa.eu/system/files/2021-07/edpb_guidelinescodesconducttransfers_publicconsultation_en.pdf
Eueopean Data Protection Board. 2021. Guidelines 05/2021 on the Interplay Between the Application of Article 3 and the Provisions on International Transfers as per Chapter V of the GDPR. Available at https://edpb.europa.eu/our-work-tools/documents/public-consultations/2021/guidelines-052021-interplay-between-application_en
European Data Protection Board. 2021. Recommendation 01/2020 Measures That Supplement Transfer Tools to Ensure Compliance with the EU Level of Protection of Personal Data Version 2.0. Available at https://edpb.europa.eu/our-work-tools/our-documents/recommendations/recommendations-012020-measures-supplement-transfer_en
European Data Protection Board. 2021. Recommendations 02/2020 on the European Essentail Gurantees for Surveillance Measures. Available at https://edpb.europa.eu/sites/default/files/files/file1/edpb_recommendations_202002_europeanessentialguaranteessurveillance_en.pdf
Patients First. 2021. What You Need to Know About the New Privacy Act 2020. Available at https://patientsfirst.org.nz/what-you-need-to-know-about-the-new-privacy-act-2020/
Privacy Commissioner. 2020. International data transfers: The Schrems II decision. Available at https://privacy.org.nz/blog/international-data-transfers-the-schrems-ii-decision/
Privacy Com missioner. 2020. Model Contract Clauses for Sending Personal Information Overseas. Available at https://www.privacy.org.nz/blog/model-contract-clauses-for-sending-personal-information-overseas/
Privacy Commisioner. 2020. Privacy 2.0: Key Changes in the Privacy Act 2020. Available at https://www.privacy.org.nz/blog/key-changes-in-the-privacy-act-2020/
Privacy Commissioner. 2021. Comparing the Privacy Acts-1993 and 2020. Available at https://www.privacy.org.nz/publications/guidance-resources/comparing-the-privacy-acts-1993-and-2020/
Privacy Commissioner. 2021. Disclosing Personal Information Outside New Zealand- the New Information Privacy Principle 12. Available at https://privacy.org.nz/responsibilities/your-obligations/disclosing-personal-information-outside-new-zealand/
Privacy Commsioner. 2021. Which Countries Are Considered to Have Comparable Levels of Privacy Protection to New Zealand? Available at https://www.privacy.org.nz/tools/knowledge-base/view/598?t=289318_390165
Personal Data Protection Commission. 2021. Guidence for Use of ASEAN Model Contractual Clauses for Cross Border Data Flows in Singapore. Available at https://www.pdpc.gov.sg/-/media/Files/PDPC/PDF-Files/Other-Guides/Singapore-Guidance-for-Use-of-ASEAN-MCCs.pdf?la=en
The White House. 2022. Fact Sheet: United States and European Commission Announce Trans-Atlantic Data Privacy Framework. Available at https://www.whitehouse.gov/briefing-room/statements-releases/2022/03/25/fact-sheet-united-states-and-european-commission-announce-trans-atlantic-data-privacy-framework/
Republic of Philipines National Privacy Commision. 2021. Guidence for the Use of the ASEAN Model Contract Clauses and ASEAN Data Management. Available at https://www.privacy.gov.ph/wp-content/uploads/2021/06/Advisory-ASEAN-MCC-DMF_FINAL-signed.pdf
Working Party 29. 1998. Working Document Transfers of Personal Data to Third Countries: Applying Articles 25 and 26 of the EU Data Protection Directive (wp12). Available at https://ec.europa.eu/justice/article-29/documentation/opinion-recommendation/files/1998/wp12_en.pdf
Working Party 29. 2018. Position Paper on the Derogation from the Obligation to Maintain Records of Processing Activities Pursuant to Article 30.5. Available at https://ec.europa.eu/newsroom/article29/item-detail.cfm?item_id=624045
Working Party 29. 2018. Working Document on Adequacy Referential (wp254rev.01). Availablte at https://ec.europa.eu/newsroom/article29/item-detail.cfm?item_id=614108
Working party 29. 2018. Working Document on Binding Corporate Rules for Controllers (wp256rev.01). Available at https://ec.europa.eu/info/law/law-topic/data-protection/international-dimension-data-protection/binding-corporate-rules-bcr_en
Working party 29. 2018. Working Document on Binding Corporate Rules for Processors (wp257rev.01). Available at https://ec.europa.eu/info/law/law-topic/data-protection/international-dimension-data-protection/binding-corporate-rules-bcr_en
Working party 29. 2018. Working Document on the Approval Procedure of the Binding Corporate Rules for Controllers and Processors (wp263rev.01). Available at https://ec.europa.eu/info/law/law-topic/data-protection/international-dimension-data-protection/binding-corporate-rules-bcr_en
（四） 網路文獻
Alex Frhr, Alexander Schmalenberger, Paul Voigt. 2022. Trans-Atlantic Data Privacy Framework (TADPF) - the Road Ahead. Available at https://www.taylorwessing.com/zh-hant/insights-and-events/insights/2022/04/trans-atlantic-data-privacy-framework---the-road-ahead
Amazon. Indonesia Data Privacy. Available at https://aws.amazon.com/compliance/indonesia-data-privacy/?nc1=h_ls
Andreas Carney. 2021. Court Backs Irish Regulator on Facebook Data Transfers Inquiry. Available at https://www.pinsentmasons.com/out-law/news/court-irish-regulator-facebook-data-transfers
Apple. Privacy Governance. Available at https://www.apple.com/legal/privacy/en-ww/governance/
Apple. Privacy Policy. Available at https://www.apple.com/legal/privacy/en-ww/
Arindrajit Basu. 2020. The Retreat of the Data Localization Brigade: India, Indonesia and Vietnam. Available at https://thediplomat.com/2020/01/the-retreat-of-the-data-localization-brigade-india-indonesia-and-vietnam/
Carlo Piltz. 2021. Scope of the New SCC - Discussions about Recital 7. Avialbale at https://www.delegedata.de/2021/06/scope-of-the-new-scc-discussions-about-recital-7/
Caitlin Fennessy. 2021. New EDPB Guidelines Define International Transfers: Dancing in Place. Available at https://iapp.org/news/a/new-edpb-guidelines-define-international-transfers-dancing-in-place/
Dla Piper. 2021. Data Protection Laws of the World: Laos. Available at https://www.dlapiperdataprotection.com/index.html?t=transfer&c=LA
ENISA. 2019. What Is "State of the Art" in IT Security? Available at https://www.enisa.europa.eu/news/enisa-news/what-is-state-of-the-art-in-it-security
Eoin Campbell. 2019. The GDPR and the Brussels Effect. Available at https://www.compliancejunction.com/the-gdpr-and-the-brussels-effect/
Forbes. 2016. The Digital Economy in 5 Minutes. Available at https://www.forbes.com/sites/koshagada/2016/06/16/what-is-the-digital-economy/?sh=19ab181d7628
Facebook. Terms of Service. Available at https://www.facebook.com/terms.php
Gabriela Zanfir-Fortuna. 2022. Reading the Signs of the Political Agreement on the New Transatlantic Data Privacy Framework. Available at https://fpf.org/blog/reading-the-signs-the-political-agreement-on-the-new-transatlantic-data-privacy-framework/
GDPR EU. Does the GDPR Apply to Companies Outside of the EU? Available at https://gdpr.eu/companies-outside-of-europe/
Henrik Hanssen, Katie McMullan, Eduardo Ustaran. 2022. The European Commission Clarifies Its Own Standard Contractual Clauses. Available at https://www.jdsupra.com/legalnews/the-european-commission-clarifies-its-4391663/
Hogan Lovells. 2021. ASEAN Launches Model Contractual Clauses for Cross Border Data Transfers. Available at https://www.lexology.com/library/detail.aspx?g=53da2aa1-ed90-4132-9468-4b29ee2e3618
James M. Sullivan. 2020. Letter from Deputy Assistant Secretary James Sullivan on the Schrems II Decision. Available at https://www.commerce.gov/about/letter-deputy-assistant-secretary-james-sullivan-schrems-ii-decision
Karan Bhatia. 2022. The Trans-Atlantic Data Privacy Framework: Building for the Long Term. Available at https://blog.google/outreach-initiatives/public-policy/trans-atlantic-data-privacy-framework-building-long-term/
Karry Lai. 2021. ASEAN Model Contractual Clauses Need Convergence with the EU. Available at https://www.iflr.com/article/b1s5kwsn6klccm/asean-model-contractual-clauses-need-convergence-with-the-eu
Kelly M. Hagedorn, David P. Saunders and Matthew Worby. Schrems II - What Next for International Data Transfers? 2020. Available at https://www.lexology.com/library/detail.aspx?g=ea00f17c-ad53-4254-9211-c1167f73d54d
Lokke Moerel, Alex van der Wolk. 2021. Why It Is Unlikely the Announced Supplemental SCCs will Materialize. Available at https://iapp.org/news/a/why-it-is-unlikely-the-announced-supplemental-sccs-will-materialize/
Mark Parsons, Anthony Liu, Jacqueline Chan. 2021. International: Comparing Contractual Clauses - ASEAN MCCs v. EU SCCs. Available at https://www.dataguidance.com/opinion/international-comparing-contractual-clauses-asean
Meta Platforms. 2021. Annual Report Pursuant to Section 13 or 15(d) of the Securities Exchange Act of 1934 For the Fiscal Year Ended December 31. Available at https://d18rn0p25nwr6d.cloudfront.net/CIK-0001326801/14039b47-2e2f-4054-9dc5-71bcc7cf01ce.pdf
Michael Punke. 2022. AWS Welcomes New Trans-Atlantic Data Privacy Framework. Available at https://aws.amazon.com/blogs/security/aws-welcomes-new-trans-atlantic-data-privacy-framework/
Microsoft. 2018. Microsoft’s Commitment to GDPR, Privacy and Putting Customers in Control of Their Own Data. Available at https://blogs.microsoft.com/on-the-issues/2018/05/21/microsofts-commitment-to-gdpr-privacy-and-putting-customers-in-control-of-their-own-data/
Microsoft. 2018. Safeguard Individual Privacy Rights under GDPR with the Microsoft Intelligent Cloud. Available at https://www.microsoft.com/en-us/microsoft-365/blog/2018/05/25/safeguard-individual-privacy-rights-under-gdpr-with-the-microsoft-intelligent-cloud/
Microsoft. 2019. GDPR’s First Anniversary: A Year of Progress in Privacy Protection. Available at https://blogs.microsoft.com/on-the-issues/2019/05/20/gdprs-first-anniversary-a-year-of-progress-in-privacy-protection/.
Müge Fazlioglu. 2021. IAPP-EY Annual Governance Report 2019. Available at https://iapp.org/resources/article/privacy-governance-report/
NOYB. 2021. Settlement between DPC and Schrems. Available at https://noyb.eu/sites/default/files/2021-05/Settelement%20-%20DPC%20-%20Schrems.pdf
NOYB. 2022. "Privacy Shield 2.0"? - First Reaction by Max Schrems. Available at https://noyb.eu/en/privacy-shield-20-first-reaction-max-schrems
Olivia Ward. 2021. What is a Data Transfer under GDPR? EDPB Aims to Clarify with New Guidance on International Transfer. Available at https://www.lexology.com/library/detail.aspx?g=60f43480-764b-4992-9203-07edc215d7ce
Philip Ziter. 2021. Coming Rules: Vietnam’s New Draft Decree on Personal Data Protection. Available at https://www.lexology.com/library/detail.aspx?g=2a984c37-100b-498c-895a-81cdb0412c7e
Privacy Research Team of Securiti. 2020. International Data Transfers under New Zealand’s new Privacy Act. Available at https://securiti.ai/blog/data-transfers-under-new-zealand-privacy-act/
Ridzuan Razif. 2021. International: ASEAN DMF and MCCs: Expectations for National Implementation – Part 2. Available at https://www.dataguidance.com/opinion/international-asean-dmf-and-mccs-expectations
Technologies.org. 2018. By 2023 Nearly Every Enterprise Will Be “Digital Native” in an Increasingly Digitized Global Economy. Available at https://technologies.org/by-2023-nearly-every-enterprise-will-be-digital-native-in-an-increasingly-digitized-global-economy/