Regulation of Transborder Data Flows under ... - Tilburg University
Regulation of Transborder Data Flows under ... - Tilburg University
Regulation of Transborder Data Flows under ... - Tilburg University
Create successful ePaper yourself
Turn your PDF publications into a flip-book with our unique Google optimized e-Paper software.
Kuner/<strong>Regulation</strong> <strong>of</strong> <strong>Transborder</strong> <strong>Data</strong> <strong>Flows</strong> <strong>under</strong> <strong>Data</strong> Protection and Privacy Law 60<br />
OECD Guidelines on the<br />
Protection <strong>of</strong> Privacy and<br />
<strong>Transborder</strong> <strong>Flows</strong> <strong>of</strong><br />
Personal <strong>Data</strong> (1980)<br />
penalties;<br />
(b) the receiving authority in the third State or receiving<br />
international body is responsible for the prevention,<br />
investigation, detection or prosecution <strong>of</strong> criminal <strong>of</strong>fences or<br />
the execution <strong>of</strong> criminal penalties;<br />
(c) the Member State from which the data were obtained has<br />
given its consent to transfer in compliance with its national law;<br />
and<br />
(d) the third State or international body concerned ensures an<br />
adequate level <strong>of</strong> protection for the intended data processing.<br />
2. Transfer without prior consent in accordance with paragraph<br />
1(c) shall be permitted only if transfer <strong>of</strong> the data is essential<br />
for the prevention <strong>of</strong> an immediate and serious threat to public<br />
security <strong>of</strong> a Member State or a third State or to essential<br />
interests <strong>of</strong> a Member State and the prior consent cannot be<br />
obtained in good time. The authority responsible for giving<br />
consent shall be informed without delay.<br />
3. By way <strong>of</strong> derogation from paragraph 1(d), personal data<br />
may be transferred if:<br />
(a) the national law <strong>of</strong> the Member State transferring the data<br />
so provides because <strong>of</strong>:<br />
(i) legitimate specific interests <strong>of</strong> the data subject; or<br />
(ii) legitimate prevailing interests, especially important public<br />
interests; or<br />
(b) the third State or receiving international body provides<br />
safeguards which are deemed adequate by the Member State<br />
concerned according to its national law.<br />
4. The adequacy <strong>of</strong> the level <strong>of</strong> protection referred to in<br />
paragraph 1(d) shall be assessed in the light <strong>of</strong> all the<br />
circumstances surrounding a data transfer operation or a set <strong>of</strong><br />
data transfer operations. Particular consideration shall be given<br />
to the nature <strong>of</strong> the data, the purpose and duration <strong>of</strong> the<br />
proposed processing operation or operations, the State <strong>of</strong><br />
origin and the State or international body <strong>of</strong> final destination<br />
<strong>of</strong> the data, the rules <strong>of</strong> law, both general and sectoral, in force<br />
in the third State or international body in question and the<br />
pr<strong>of</strong>essional rules and security measures which apply.<br />
15. Member countries should take into consideration the implications<br />
for other Member countries <strong>of</strong> domestic processing and re-export <strong>of</strong><br />
personal data.<br />
16. Member countries should take all reasonable and appropriate steps<br />
to ensure that transborder flows <strong>of</strong> personal data, including transit<br />
through a Member country, are uninterrupted and secure.<br />
17. A Member country should refrain from restricting transborder<br />
flows <strong>of</strong> personal data between itself and another Member country<br />
except where the latter does not yet substantially observe these<br />
Guidelines or where the re-export <strong>of</strong> such data would circumvent its<br />
domestic privacy legislation. A Member country may also impose<br />
restrictions in respect <strong>of</strong> certain categories <strong>of</strong> personal data for which<br />
its domestic privacy legislation includes specific regulations in view <strong>of</strong><br />
the nature <strong>of</strong> those data and for which the other Member country<br />
provides no equivalent protection.<br />
18. Member countries should avoid developing laws, policies and<br />
practices in the name <strong>of</strong> the protection <strong>of</strong> privacy and individual<br />
liberties, which would create obstacles to transborder flows <strong>of</strong> personal<br />
data that would exceed requirements for such protection.