Regulation of Transborder Data Flows under ... - Tilburg University

More documents

Recommendations

Info

Kuner/Regulation of Transborder Data Flows under Data Protection and Privacy Law 86 Name Source Text or translation (excerpts; notes are given in italics) European Union and United States Decision (EC) 2000/520 of 26 July 2000 [2000], OJ L215/7 Agreement between the European Union and the United States of America on the processing and transfer of Passenger Name Record (PNR) data by air carriers to the United States Department of Homeland Security (DHS) (2007 PNR Agreement), [2007] OJ L204/18 Agreement between the European Union and the United States of America on the processing and transfer of Financial Messaging Data from the European Union to the United States for purposes of the Terrorist Finance Tracking Program, [2010] OJ L8/11 Reports by the High Level Contact Group (HLCG) on information sharing and privacy and personal data protection, 23 November 2009, least the same level of privacy protection as is required by the relevant Principles. If the organization complies with these requirements, it shall not be held responsible (unless the organization agrees otherwise) when a third party to which it transfers such information processes it in a way contrary to any restrictions or representations, unless the organization knew or should have known the third party would process it in such a contrary way and the organization has not taken reasonable steps to prevent or stop such processing. Recital 3 DHS shall process PNR data received and treat data subjects concerned by such processing in accordance with applicable US laws, constitutional requirements, and without unlawful discrimination, in particular on the basis of nationality and country of residence. The DHS’s letter sets forth these and other safeguards. Article 5, proving protections to personal data transferred from the EU to the US for the purposes of the Terrorist Finance Tracking Program. Principle 12 Where personal information is transmitted or made available by a competent authority of the sending country or by private parties in accordance with the domestic law of the sending country to a competent authority of the receiving country, the competent authority of the receiving country may only authorise or carry out an onward transfer of this information to a competent authority of a third country if permitted under its domestic law and in accordance with existing applicable international agreements and international arrangements between the sending and receiving country. In the absence of such international agreements and international arrangements, such transfers should moreover support legitimate public interests consisting of: national security, defence, public security, the prevention, investigation, detection
Kuner/Regulation of Transborder Data Flows under Data Protection and Privacy Law 87 Name Source Text or translation (excerpts; notes are given in italics) Infocomm Development Authority of Singapore (IDA) and the National Trust Council of Singapore (NTC) Madrid Resolution Treasury Board of Canada Voluntary Model Data Protection Code for the Private Sector (Version 1.3 final) International Standards on the Protection of Personal Data and Privacy (non-binding) Taking Privacy into Account before Making Contracting Decisions (2006) and prosecution of criminal offences, breaches of ethics of regulated professions, or the protection of the data subject. In all cases transfers should be fully consistent with these common principles, especially the limitation/purpose specification. Principle 4.1.1 Where data are to be transferred to someone (other than the individual or the organisation or its employees), the organisation shall take reasonable steps to ensure that the data which is to be transferred will not be processed inconsistently with this Model Code. NOTE: The Implementation and Operational Guidelines to the provision explain that ‘the restrictions on the onward transfers of personal data under this principle apply to transfers to another organisation whether the organisation is located in Singapore or not’. 15 International Transfers 1. As a general rule, international transfers of personal data may be carried out when the State to which such data are transmitted affords, as a minimum, the level of protection provided for in this Document. 2. It will be possible to carry out international transfers of personal data to States that do not afford the level of protection provided for in this document where those who expect to transmit such data guarantee that the recipient will afford such level of protection; such guarantee may for example result from appropriate contractual clauses. In particular, where the transfer is carried out within corporations or multinational groups, such guarantees may be contained in internal privacy rules, compliance with which is mandatory. 3. Moreover, national legislation applicable to those who expect to transmit data may permit an international transfer of personal data to States that do not afford the level of protection provided for in this Document, where necessary and in the interest of the data subject in the framework of a contractual relationship, to protect the vital interests of the data subject or of another person, or when legally required on important public interest grounds. Applicable national legislation may confer powers on the supervisory authorities referred to in section 23 to authorize some or all of the international transfers falling within their jurisdiction, before they are carried out. In any case, those who expect to carry out an international transfer of personal data should be capable of demonstrating that the transfer complies with the guarantees provided for in this Document and in particular where required by the supervisory authorities pursuant to the powers laid down in paragraph 23.2. Guidance which requires public bodies when contracting (including situations when this will result in personal data being transferred outside of Canada) to apply a context-specific test regarding the risk to privacy, under which agencies are to evaluate the following factors: --the sensitivity of the personal information, including whether the information is detailed or highly personal, and the context in which it was collected; --the expectations of the individuals to whom the personal information relates; and --the potential injury if personal information is wrongfully disclosed or misused, including the potential for identity theft or access by foreign governments
Page 1 and 2:
TILT (TILBURG INSTITUTE FOR LAW, TE
Page 3 and 4:
Kuner/Regulation of Transborder Dat
Page 5 and 6:
Page 7 and 8:
Page 9 and 10:
Page 11 and 12:
Page 13 and 14:
Page 15 and 16:
Page 17 and 18:
Page 19 and 20:
Page 21 and 22:
Page 23 and 24:
Page 25 and 26:
Page 27 and 28:
Page 29 and 30:
Page 31 and 32:
Page 33 and 34:
Page 35 and 36: Kuner/Regulation of Transborder Dat
Page 85: Kuner/Regulation of Transborder Dat
show all

Regulation of Transborder Data Flows under ... - Tilburg University

Create successful ePaper yourself

Delete template?

Save as template?