Regulation of Transborder Data Flows under ... - Tilburg University
Regulation of Transborder Data Flows under ... - Tilburg University
Regulation of Transborder Data Flows under ... - Tilburg University
You also want an ePaper? Increase the reach of your titles
YUMPU automatically turns print PDFs into web optimized ePapers that Google loves.
Kuner/<strong>Regulation</strong> <strong>of</strong> <strong>Transborder</strong> <strong>Data</strong> <strong>Flows</strong> <strong>under</strong> <strong>Data</strong> Protection and Privacy Law 55<br />
Annex: <strong>Data</strong> Protection and Privacy Law Instruments Regulating<br />
<strong>Transborder</strong> <strong>Data</strong> <strong>Flows</strong><br />
Note: The following Annex covers only data protection and privacy law instruments that specifically deal<br />
with transborder data flows (i.e., provisions dealing with data transfers in general are not included,<br />
except in a few special cases). With the exception <strong>of</strong> those described in section D, only legally-binding<br />
instruments that are currently in force (in most cases legislation), or influential non-binding instruments<br />
promulgated by leading international institutions, have been included. While substantial effort has been<br />
made regarding the accuracy <strong>of</strong> the citations and <strong>of</strong> the translations (most <strong>of</strong> which are taken verbatim<br />
from <strong>of</strong>ficial sources), no guarantees are made in this regard<br />
A. International instruments (binding and non-binding)<br />
Name Provisions Text or translation (excerpts; notes are given in italics)<br />
APEC APEC Privacy<br />
Framework<br />
(can be voluntarily<br />
implemented in the 21<br />
APEC Member<br />
Economies: Australia;<br />
Brunei Darussalam;<br />
Canada; Chile; the<br />
People's Republic <strong>of</strong><br />
China; Hong Kong,<br />
China; Indonesia; Japan;<br />
Republic <strong>of</strong> Korea;<br />
Malaysia; Mexico; New<br />
Zealand; Papua New<br />
Guinea; Peru; The<br />
Philippines; Russia;<br />
Singapore; Chinese<br />
Taipei; Thailand; the<br />
United States <strong>of</strong> America;<br />
Council <strong>of</strong><br />
Europe<br />
and Vietnam)<br />
Convention for the<br />
Protection <strong>of</strong> Individuals<br />
with regard to Automatic<br />
Processing <strong>of</strong> Personal<br />
<strong>Data</strong>, January 28, 1981,<br />
ETS 108 (1981)<br />
Principle IX (Accountability)<br />
A personal information controller should be accountable for complying<br />
with measures that give effect to the Principles stated above. When<br />
personal information is to be transferred to another person or<br />
organization, whether domestically or internationally, the personal<br />
information controller should obtain the consent <strong>of</strong> the individual or<br />
exercise due diligence and take reasonable steps to ensure that the<br />
recipient person or organization will protect the information<br />
consistently with these Principles.<br />
Article 12 – <strong>Transborder</strong> flows <strong>of</strong> personal data and domestic law<br />
1. The following provisions shall apply to the transfer across<br />
national borders, by whatever medium, <strong>of</strong> personal data<br />
<strong>under</strong>going automatic processing or collected with a view to<br />
their being automatically processed.<br />
2. A Party shall not, for the sole purpose <strong>of</strong> the protection <strong>of</strong><br />
privacy, prohibit or subject to special authorisation<br />
transborder flows <strong>of</strong> personal data going to the territory <strong>of</strong><br />
another Party.<br />
3. Nevertheless, each Party shall be entitled to derogate from the<br />
provisions <strong>of</strong> paragraph 2:<br />
a. ins<strong>of</strong>ar as its legislation includes specific regulations<br />
for certain categories <strong>of</strong> personal data or <strong>of</strong>