Resource Center / Tools and Trackers / Global adequacy capabilities
Global adequacy capabilities
This infographic shows the jurisdictions that have taken steps to standardize draft contractual clauses for transferring personal data internationally.
Last updated: March 2024
Contributors:
The proliferation of new or updated data privacy laws around the world has resulted in a marked rise in the number of centralized data "adequacy" capabilities.
This infographic shows the jurisdictions that vest powers in either the data privacy regulator or a government authority to designate other jurisdictions as having "adequate" data privacy standards.
An "adequate" designation describes instances where a third country has been assessed as providing data privacy standards that are sufficiently comparable to those of the assessing jurisdiction. These unilateral determinations permit the free flow of personal data, without the parties to the transfer being required to implement further safeguards or obtain further authorizations. In some jurisdictions the capabilities go by alternative legislative terms – such as "equivalence," "comparable," and "sufficiently similar" – and in some jurisdictions more colloquial terminology is used such as "whitelists" and "data bridges."
This infographic does not detail whether and how such capabilities have been exercised nor does it show the availability of mechanisms and guidance for transferring personal data to non-"adequate" countries. This will be the subject of further research by the IAPP.
For information on global data transfer contracts, see this infographic.
The IAPP Resource Center additionally hosts an "International Data Transfers" topic page, which updates regularly with the latest news and resources.
85 jurisdictions vest powers in either a data privacy regulator or government authority to designate other jurisdictions as having “adequate” data privacy standards.
Abu Dhabi Global Market
Albania
Algeria
Andorra
Angola
Argentina
Armenia
Bahamas
Bahrain
Barbados
Belarus
Benin
Bermuda
Bosnia and Herzegovina
Botswana
Brazil
Burkina Faso
Cabo Verde
Cayman Islands
Chad
Colombia
Congo
Côte d'Ivoire
Dubai International Financial Centre
Egypt
Equatorial Guinea
European Economic Area
European Union
Faroe Islands
Gabon
Georgia
Gibraltar
Guernsey
Guinea
Indonesia
Isle of Man
Israel
Japan
Jersey
Kazakhstan
Kenya
Kosovo
Kyrgyz Republic
Macau
Madagascar
Malaysia
Moldova
Montenegro
Morocco
Monaco
New Zealand
Niger
Nigeria
North Macedonia
Panama
People's Republic of China
Peru
Qatar Financial Centre
Republic of Korea
Russian Federation
São Tomé and Príncipe
Saint Lucia
Saudi Arabia
Senegal
Serbia
South Africa
South Korea
Sri Lanka
Switzerland
Taiwan
Tajikistan
Tanzania
Togo
Thailand
Trinidad and Tobago
Turkey
Turkmenistan
Tunisia
Uganda
Ukraine
United Kingdom
Uruguay
Uzbekistan
Zambia
Zimbabwe