The General Data Protection Regulation contains a blanket prohibition on the transfer of personal data outside of the European Economic Area unless strict requirements are met. The rationale for this provision is to protect personal data and data subject rights by restricting data transfers to countries that may not have the same level of protection as the EEA. However, the ubiquitous and permeable character of new technologies such as cloud computing, and the increased inter connectivity between societies, has made international data transfers the norm and not the exception. The Schrems II case and subsequent regulatory developments have further raised the bar for companies to comply with complex and, often, opaque rules. Many firms are, therefore, pursuing technology-based solutions in order to mitigate this new legal risk. These emerging technological alternatives reduce the need for open-ended cross-border transfers and the practical challenges and legal risk that such transfers create after Schrems. This article examines one such alternative, namely a user-held data model. This approach takes advantage of personal data clouds that allows data subjects to store their data locally and in a more decentralised manner, thus decreasing the need for cross-border transfers and offering end-users the possibility of greater control over their data.

翻译：《通用数据保护条例》全面禁止将个人数据传输至欧洲经济区以外，除非满足严格的要求。该条款的基本原理是通过限制向可能不具备与欧洲经济区同等保护水平的国家传输数据，以保护个人数据和数据主体的权利。然而，诸如云计算等新技术无处不在且具有渗透性的特点，以及社会间日益增强的互联互通，使得国际数据传输已成为常态而非例外。Schrems II案及随后的监管发展进一步提高了企业遵守复杂且往往不透明规则的门槛。因此，许多公司正在寻求基于技术的解决方案，以减轻这种新的法律风险。这些新兴的技术替代方案减少了对开放式跨境传输的需求，以及此类传输在Schrems案后所带来的实际挑战和法律风险。本文探讨了其中一种替代方案，即用户持有数据模型。该方法利用个人数据云，允许数据主体在本地以更去中心化的方式存储其数据，从而减少跨境传输的需求，并为终端用户提供对其数据更大控制权的可能性。