Some third countries adopt laws, regulations and other legal acts which purport to directly regulate the processing activities of natural and legal persons under the jurisdiction of the Member States. This may include judgments of courts or tribunals or decisions of administrative authorities in third countries requiring a controller or processor to transfer or disclose personal data, and which are not based on an international agreement, such as a mutual legal assistance treaty, in force between the requesting third country and the Union or a Member State. The extraterritorial application of those laws, regulations and other legal acts may be in breach of international law and may impede the attainment of the protection of natural persons ensured in the Union by this Regulation. Transfers should only be allowed where the conditions of this Regulation for a transfer to third countries are met. This may be the case, inter alia, where disclosure is necessary for an important ground of public interest recognised in Union or Member State law to which the controller is subject.
GDPR Recital EN
Recital 115
Related across sources
Guidance Guidelines 05/2022 on the use of facial recognition technology in the area of law enforcement Guidance Version history Guidance Guidelines 05/2020 on consent under Regulation 2016/679 Guidance Guidelines 02/2024 on Article 48 GDPR Guidance Guidelines 03/2022 on Deceptive design patterns in social media platform interfaces: how to recognise and avoid them Guidance Guidelines 01/2022 on data subject rights - Right of access