From the Opinion:
“38. The Community legislature also wished that the protective regime thus established should not be impaired when personal data leave Community territory. It became apparent that the international dimension of information flows would render legislation that was effective only in that territory inadequate if not useless. The Community legislature therefore opted for a system requiring, in order for transfers of personal data to a third country to be allowed, that the country concerned ensure an ‘adequate level of protection’ for such data.
39. The Community legislature thus laid down the rule that ‘the transfer of personal data to a third country which does not ensure an adequate level of protection must be prohibited’.
40. Accordingly, Article 25 of Directive 95/46 sets out the principles to which transfers of personal data to third countries are to be subject:”
Relevant Law: Directive 95/46/EC, Article 25
The full text is available at http://curia.europa.eu…