Regulation of Transborder Data Flows under ... - Tilburg University

More documents

Recommendations

Info

Kuner/Regulation of Transborder Data Flows under Data Protection and Privacy Law 66 Country Source Text or translation (excerpts; notes are given in italics) Canada Federal level: Interpretation by Canadian courts and regulators of the Personal Information Protection and Electronic Documents Act (PIPEDA) See Office of the Privacy Commissioner of Canada, ‘Guidelines for Processing Personal Data across Borders’ (2009) 5, : ‘PIPEDA does not prohibit organizations in Canada from transferring personal information to an organization in another jurisdiction for processing. However under PIPEDA, organizations are held accountable for the protection of personal information transfers under each individual outsourcing arrangement’. Provincial level: Alberta: Personal Information Protection and Electronic Documents Act, § 40(1)(g)--permits the disclosure of personal information controlled by a public body in response to a subpoena, warrant or order issued by a court only when the court has ‘jurisdiction in Alberta’ British Columbia: Freedom of Information and Protection of Privacy Amendment Act, § 30.1--requires each public body to ensure that ‘personal information in its custody or under its control is stored only in Canada and accessed only in Canada’; some exceptions are provided Nova Scotia: Personal Information International Disclosure Protection Act (2006), § 5(1)--requires that a public body ensure that ‘personal information in its custody or under its control…is stored only in Canada and accessed only in Canada’; some exceptions are provided Québec: 1. Act Respecting Access to Documents Held by Public Bodies and the Protection of Personal Information (2006), § 70.1--requires that before ‘releasing personal information outside Québec or entrusting a person or a body outside Québec with the task of holding, using or releasing such information on its behalf’, public bodies must ensure that the information receives protection ‘equivalent’ to that afforded under provincial law 2. Act Respecting the Protection of Personal Information in the Private Sector, § 17--provides that an organization doing business in Québec that entrusts a person outside Québec with ‘holding, using or communicating such information on its behalf’ must take ‘all reasonable steps to ensure’ that the information will be used only for the purposes for which consent was obtained and will not be ‘communicated to third parties’ without such consent Colombia Law 1266 of 2008 Article 5. Circulation of information The personal information collected or provided as established by law to the operators, which is part of the managed data bank, may be provided orally, in writing, or placed at the disposal of the following individuals and in the following terms:…(f)…If the receiver of the information were a foreign data bank, the delivery without authorization of the data subject may only be made leaving written evidence of the delivery of the information and upon prior verification by the operator that the laws of the respective country or the receiver provide sufficient guarantees for the protection of the rights of the data subject.
Kuner/Regulation of Transborder Data Flows under Data Protection and Privacy Law 67 Country Source Text or translation (excerpts; notes are given in italics) Croatia Act on Personal Data Protection (12 June 2003), no. 1364-2003 (as amended by Act on Amendments to the Personal Data Protection Act, No. 2616-2006) Article 13 - Personal data transfer abroad from the Republic of Croatia Personal data filing systems or personal data contained in personal data filing systems may be transferred abroad from the Republic of Croatia for further processing only if the state or the international organization the personal data is being transferred to have adequately regulated the legal protection of personal data and have ensured an adequate level of protection. Prior to transferring personal data abroad from the Republic of Croatia, the personal data filing system controller shall, in case of reasonable doubt regarding the existence of adequate personal data protection system or whether an adequate level of protection is in place, obtain an opinion regarding this issue from the Personal Data Protection Agency. The adequate level of protection which is provided by the state or by an international organisation shall be evaluated in terms of the circumstances connected with the presentation of personal data, and in particular in terms of the type of the data concerned, the purpose and duration of the processing thereof, the country to which the data refer, the legal provisions in force in the country in question, and the professional rules and security measures applicable in the country concerned. By way of derogation from paragraph 1 of this Article, personal data forming part of personal data filing systems may be taken out of the Republic of Croatia to states or to international organisations which do not provide for an adequate level of protection within the meaning of paragraph 2 of this Article only in the following cases: – if the data subject consents to the transfer of the personal data, – if the transfer is essential to protect the life or the physical well-being of the data subject, or – if the personal data filing system controller provides sufficient guarantees regarding the protection of privacy and the fundamental rights and freedoms of individuals, which might arise from the contractual provisions, for which the Personal Data Protection Agency establishes that they are appropriate in accordance with the valid regulations which regulate the protection of personal data. Article 34 - Notification requirement If during supervision the Agency determines that legal provisions establishing personal data processing have been violated, it shall be entitled to warn or notify the personal data filing system controller about the irregularities in the personal data processing and issue a decision prohibiting the transfer of personal data abroad from the Republic of Croatia…
Page 1 and 2:
TILT (TILBURG INSTITUTE FOR LAW, TE
Page 3 and 4:
Kuner/Regulation of Transborder Dat
Page 5 and 6:
Page 7 and 8:
Page 9 and 10:
Page 11 and 12:
Page 13 and 14:
Page 15 and 16: Kuner/Regulation of Transborder Dat
Page 65: Kuner/Regulation of Transborder Dat
show all

Regulation of Transborder Data Flows under ... - Tilburg University

Create successful ePaper yourself

Delete template?

Save as template?