“When it comes to privacy and accountability, people always demand the former for themselves and the latter for everyone else.” – David Brin.

Twice within ten years, the European Union’s (EU) framework for regulating international data transfers has failed under judicial scrutiny.(1) What was initially framed as a solution for enabling seamless data transfers, now exposes a structural tension between fundamental rights protection and the realities of cross-border data exchange. As data flows increasingly underpin the global economy(2), the instability of the EU’s adequacy criteria suggests that the core problem may lie not in the strictness of standards but in the institutional mechanism by which those standards are put into practice.