This Article explores the European Union (EU) adequacy mechanism for assessing cross-border data flows, and highlights where U.S. law aligns with and differs from the EU approach to privacy. Following the Introduction, Part I explains how the EU adequacy mechanism works and how it has been applied in practice. Parts II and III then review the case for and against U.S. privacy law being deemed adequate under the EU privacy framework. The Article concludes with some thoughts on how cross-border data flows can be managed as both the United States and EU contemplate new privacy laws and a new transatlantic trade agreement.
European Union privacy law; international data transfers; privacy law; international law