Regulation of Transborder Data Flows under ... - Tilburg University

Kuner/Regulation of Transborder Data Flows under Data Protection and Privacy Law 55 

Annex: Data Protection and Privacy Law Instruments Regulating 

Transborder Data Flows 

Note: The following Annex covers only data protection and privacy law instruments that specifically deal 

with transborder data flows (i.e., provisions dealing with data transfers in general are not included, 

except in a few special cases). With the exception of those described in section D, only legally-binding 

instruments that are currently in force (in most cases legislation), or influential non-binding instruments 

promulgated by leading international institutions, have been included. While substantial effort has been 

made regarding the accuracy of the citations and of the translations (most of which are taken verbatim 

from official sources), no guarantees are made in this regard 

A. International instruments (binding and non-binding) 

Name Provisions Text or translation (excerpts; notes are given in italics) 

APEC APEC Privacy 

Framework 

(can be voluntarily 

implemented in the 21 

APEC Member 

Economies: Australia; 

Brunei Darussalam; 

Canada; Chile; the 

People's Republic of 

China; Hong Kong, 

China; Indonesia; Japan; 

Republic of Korea; 

Malaysia; Mexico; New 

Zealand; Papua New 

Guinea; Peru; The 

Philippines; Russia; 

Singapore; Chinese 

Taipei; Thailand; the 

United States of America; 

Council of 

Europe 

and Vietnam) 

Convention for the 

Protection of Individuals 

with regard to Automatic 

Processing of Personal 

Data, January 28, 1981, 

ETS 108 (1981) 

Principle IX (Accountability) 

A personal information controller should be accountable for complying 

with measures that give effect to the Principles stated above. When 

personal information is to be transferred to another person or 

organization, whether domestically or internationally, the personal 

information controller should obtain the consent of the individual or 

exercise due diligence and take reasonable steps to ensure that the 

recipient person or organization will protect the information 

consistently with these Principles. 

Article 12 – Transborder flows of personal data and domestic law 

1. The following provisions shall apply to the transfer across 

national borders, by whatever medium, of personal data 

undergoing automatic processing or collected with a view to 

their being automatically processed. 

2. A Party shall not, for the sole purpose of the protection of 

privacy, prohibit or subject to special authorisation 

transborder flows of personal data going to the territory of 

another Party. 

3. Nevertheless, each Party shall be entitled to derogate from the 

provisions of paragraph 2: 

a. insofar as its legislation includes specific regulations 

for certain categories of personal data or of

Previous page

Next page

1

2

3

4

5

6

7

8

9

10

11

12

13

14

15

16

17

18

19

20

21

22

23

24

25

26

27

28

29

30

31

32

33

34

35

36

37

38

39

40

41

42

43

44

45

46

47

48

49

50

51

52

53

54

55

56

57

58

59

60

61

62

63

64

65

66

67

68

69

70

71

72

73

74

75

76

77

78

79

80

81

82

83

84

85

86

87

88

89

90

Regulation of Transborder Data Flows under ... - Tilburg University

You also want an ePaper? Increase the reach of your titles

Delete template?

Save as template?