Regulation of Transborder Data Flows under ... - Tilburg University

More documents

Recommendations

Info

Kuner/Regulation of Transborder Data Flows under Data Protection and Privacy Law 60 OECD Guidelines on the Protection of Privacy and Transborder Flows of Personal Data (1980) penalties; (b) the receiving authority in the third State or receiving international body is responsible for the prevention, investigation, detection or prosecution of criminal offences or the execution of criminal penalties; (c) the Member State from which the data were obtained has given its consent to transfer in compliance with its national law; and (d) the third State or international body concerned ensures an adequate level of protection for the intended data processing. 2. Transfer without prior consent in accordance with paragraph 1(c) shall be permitted only if transfer of the data is essential for the prevention of an immediate and serious threat to public security of a Member State or a third State or to essential interests of a Member State and the prior consent cannot be obtained in good time. The authority responsible for giving consent shall be informed without delay. 3. By way of derogation from paragraph 1(d), personal data may be transferred if: (a) the national law of the Member State transferring the data so provides because of: (i) legitimate specific interests of the data subject; or (ii) legitimate prevailing interests, especially important public interests; or (b) the third State or receiving international body provides safeguards which are deemed adequate by the Member State concerned according to its national law. 4. The adequacy of the level of protection referred to in paragraph 1(d) shall be assessed in the light of all the circumstances surrounding a data transfer operation or a set of data transfer operations. Particular consideration shall be given to the nature of the data, the purpose and duration of the proposed processing operation or operations, the State of origin and the State or international body of final destination of the data, the rules of law, both general and sectoral, in force in the third State or international body in question and the professional rules and security measures which apply. 15. Member countries should take into consideration the implications for other Member countries of domestic processing and re-export of personal data. 16. Member countries should take all reasonable and appropriate steps to ensure that transborder flows of personal data, including transit through a Member country, are uninterrupted and secure. 17. A Member country should refrain from restricting transborder flows of personal data between itself and another Member country except where the latter does not yet substantially observe these Guidelines or where the re-export of such data would circumvent its domestic privacy legislation. A Member country may also impose restrictions in respect of certain categories of personal data for which its domestic privacy legislation includes specific regulations in view of the nature of those data and for which the other Member country provides no equivalent protection. 18. Member countries should avoid developing laws, policies and practices in the name of the protection of privacy and individual liberties, which would create obstacles to transborder flows of personal data that would exceed requirements for such protection.
Kuner/Regulation of Transborder Data Flows under Data Protection and Privacy Law 61 B. National data protection and privacy legislation in force Country Source Text or translation (excerpts; notes are given in italics) EU and EEA Member States EU Data Protection Directive 95/46/EC, Articles 25 and 26 (see above under ‘European Union’) Local or regional data protection laws in many EU Member States regulate transborder data flows The 27 EU Member States (Austria, Belgium, Bulgaria, Cyprus, Czech Republic, Denmark, Estonia, Finland, France, Germany, Greece, Hungary, Ireland, Italy, Latvia, Lithuania, Luxembourg, Malta, the Netherlands, Poland, Portugal, Romania, Slovakia, Slovenia, Spain, Sweden and the United Kingdom) and the three EEA Member States (Iceland, Liechtenstein, and Norway) have all adopted the provisions of the EU Data Protection Directive (including restrictions on transborder data flows) and implemented them into their national laws. For example: German federal state of Hessen, Hessisches Datenschutzgesetz (applies only to the public law sector and entities subject to public law): § 17: (1) The provisions of this Act apply to the permissibility of transferring personal data within the area of application of the EU Data Protection Directive. (2) A transfer to recipients outside the area listed in para. 1 is only permissible based on this Act if it exclusively accrues to the benefit of the individual or an adequate level of data protection with the recipient is assured. The DPA of Hessen is to be consulted before any decision about adequacy is made. If an adequate level of protection is not assured, then personal data may only be transferred if: 1. the individual has consented; 2. the transfer is necessary for protection of an overriding public interest or to assert, exercise or defend legal claims before a court; 3. the transfer is necessary to protect the vital interests of the individual, or 4. the transfer is conducted from a register designed for the information of the public and that is accessible either by the public or by all persons who can show a legitimate interest in consulting it, insofar as the legal requirements are fulfilled in a particular case. The recipient to whom the data are transferred must be informed that the transferred data may only be processed for purposes that are consistent with those for the fulfilment of which the data are being transferred.
Page 1 and 2:
TILT (TILBURG INSTITUTE FOR LAW, TE
Page 3 and 4:
Kuner/Regulation of Transborder Dat
Page 5 and 6:
Page 7 and 8:
Page 9 and 10: Kuner/Regulation of Transborder Dat
Page 59: Kuner/Regulation of Transborder Dat
show all

Regulation of Transborder Data Flows under ... - Tilburg University

Create successful ePaper yourself

Delete template?

Save as template?