EEA Agreement

The EEA Agreement integrates EFTA states (except Switzerland) into the EU single market. Relevant EU legislation, including GDPR and other data protection rules, is incorporated into the EEA legal framework, ensuring equivalent protection across EEA countries.

The EEA Agreement creates a legal framework for extending EU internal market rules to Iceland, Liechtenstein, and Norway. When the EU adopts new legislation affecting the single market, including data protection regulations like GDPR, these are incorporated into the EEA Agreement through a Joint Committee decision. This means GDPR applies throughout the EEA, not just the EU. For data protection purposes, transfers between EU and EEA countries are treated as internal transfers, not third-country transfers. The EFTA Surveillance Authority monitors compliance in EEA EFTA states, parallel to the European Commission’s role in EU states.