In the area of data protection, the EEA Agreement includes EU legislation of general application for business-related activities, such as the General Data Protection Regulation (EU) 2016/679 and all related «adequacy decisions», which allow the international transfer of personal data with counterparties outside the EEA, as well as Directive 2002/58/EC on data protection and related acts such as Regulation (EU) No 611/2013 on data protection notifications 100 000 000 000. As a result, individuals enjoy the same level of protection in the EEA-EFTA States – Iceland, Liechtenstein and Norway – and in the EU. Controllers or processors of personal data established in an EEA EFTA State are subject to the obligations laid down in EU law and their compliance is monitored by the independent data protection authority of each EEA-EFTA State. A second possibility for the transmission of personal data is Article 46 of the GDPR, which requires the use of appropriate safeguards, such as. B legally binding and enforceable instruments between authorities or bodies, binding internal rules of the company, standard data protection clauses approved by the Commission or an approved code of conduct or certification mechanism.  Other safeguards, such as contractual clauses or provisions of administrative agreements drawn up by the parties, may also be considered appropriate safeguards, but only after they have been validated by the competent supervisory authorities.  Chapter 5 of the GDPR begins with a general ban on the transfer of data to third countries, and then outlines a hierarchy of exclusions.  The main exclusions that allow responsible bodies or processors to transmit data are three, namely: a) by adequacy decision of the European Commission (Art. 45 GDPR), b) transmissions under appropriate safeguards (Art. 46 GDPR) or c) derogations for certain situations (Art. 49 GDPR).
  European Commission, presentation of the 5th round of trade negotiations between the European Union and Indonesia trade.ec.europa.eu. The proposal on the protection of personal data in the EU-Australia Free Trade Agreement does not refer to ICS. . . .