MR>>> nodelist, the organization in the USA receiving the data has to MR>>> be certified for being compliant with the Privacy Shield. In our MR>>> case Z1 would need that certification.
MvdV>> I fail to see how this can apply to data that is made MvdV>> publically available. Does it apply to telephone books?
MR> The GDPR doesn't differentiate between public and non-public private MR> data. A printed telephone book could be a different story. The GDPR MR> surely applies to the personal data for the telephone book.
I am not saying it does not apply, but this particular clause about sharing data with organisations in other countries simply does not make sense for data that is public. So there must be something wrong with your interpretation.