This article develops
and applies a multi-dimensional model to explain the adequacy assessment
process and to evaluate its effectiveness in promoting the EU’s data protection
standards globally. An analysis of both successful and unsuccessful adequacy
decisions under Directive 95/46/EC and the General Data Protection Regulation
(GDPR) reveals that the process has become more streamlined, with increasingly
stringent criteria. The model also highlights how, historically, the European
Commission factored in trade considerations, leading to the adoption of
adequacy decisions that fell short of EU data protection standards. The article
explores the Commission’s strategic motivations for doing so and assesses
whether effective mechanisms are now in place to mitigate the impact of trade
factors and prevent the adoption of deficient adequacy decisions or require
their remediation. It concludes that, although the assessment process and
criteria are more robust, their application remains inconsistent. Moreover,
unresolved tensions around mass surveillance continue to undermine the EU’s efforts
to position its data protection regime as the global norm.