Personal data flows globally. The EU has its own rules on data protection, which it keeps strengthening. The EU data protection rules and fundamental rights include a clear commitment to grant individuals certain data subject rights so that they can participate in the processing of their own data. While in principle cross-border transfers of personal data may only happen if the third country has some level of data protection guaranteeing the fundamental rights to data protection and privacy, it is unclear to what extent data subject rights play a role in this assessment. Since the Schrems case of the Court of Justice of the EU, however, the standard of protection for personal data to flow into a third country needs to be of an "equivalent level", which notably means respecting to some extent the data subject rights of the individual.
The exact meaning and implications of this new standard are unclear. In fact, the very requirements that apply inside the EU have not been well studied. Not much is known about data subject rights, even though they were the trigger in Schrems, leading to a new standard for cross-border transfers and a reframing of data exchanges between the EU and the US.
This research will provide EU standards for data subject rights and their possible limitations in a cross-border context. It is my hypothesis that, so far, data subject rights have not been given the weight they deserve for the protection of personal data in cross-border situations.