A growing number of security policies are based on access to and exchange of personal data, frequently with an international scope. While transatlantic measures generally include the EU as a single actor, the last two years have seen a proliferation of bilateral agreements between the US and individual EU member states. These agreements usually seek to extend abroad a range of specific, internal security measures. This paper aims at studying the position of relevant actors and their capacity to increase their power or to quell resistance during the process of extra-territorialisation. The paper assumes as a hypothesis that the set-up of security policies is readable as a ‘plateau’, a transversal field in which actors’ ability to shape new configurations of actors and fields is a key asset for enhancing their relevance. The research investigates this hypothesis further by taking as a case study the conclusion, in March 2008, of a transatlantic agreement on data exchange between Germany and the US. The text of the agreement mirrors the wording of existing European instruments and thus seems to offer an appropriate occasion to analyse the process of extra-territorialisation of security policies.