This Article is part of the special issue 'Privacy and Cyber Security on The Books and on The Ground' and explores how the co-regulation instruments foreseen under the General Data Protection Regulation (GDPR) could be used, beside the commonly known adequacy decision called ‘US Privacy Shield’, for the legitimate transfer of personal data to third countries.The first conference in a transatlantic dialogue on privacy and cyber security, held in November 2017 at HIIG in Berlin, brought together an eminent transdisciplinary group of experts from academia, administration, business and civil society from both sides of the Atlantic. It was carried by the hope to find a deeper understanding of the issues at stake and common approaches allowing the internet and digitalisation in general, to develop in the interest of all, across the Atlantic and perhaps worldwide. This edited volume presents the outcome of this first conference, both to the interested public and for the preparation of the second conference in October 2018 in New York.
