Regulation of Transborder Data Flows under ... - Tilburg University
Regulation of Transborder Data Flows under ... - Tilburg University
Regulation of Transborder Data Flows under ... - Tilburg University
Create successful ePaper yourself
Turn your PDF publications into a flip-book with our unique Google optimized e-Paper software.
Kuner/<strong>Regulation</strong> <strong>of</strong> <strong>Transborder</strong> <strong>Data</strong> <strong>Flows</strong> <strong>under</strong> <strong>Data</strong> Protection and Privacy Law 86<br />
Name Source Text or translation (excerpts; notes are given in italics)<br />
European<br />
Union and<br />
United States<br />
Decision (EC)<br />
2000/520 <strong>of</strong> 26 July<br />
2000 [2000], OJ<br />
L215/7<br />
Agreement between<br />
the European Union<br />
and the United States<br />
<strong>of</strong> America on the<br />
processing and<br />
transfer <strong>of</strong> Passenger<br />
Name Record (PNR)<br />
data by air carriers to<br />
the United States<br />
Department <strong>of</strong><br />
Homeland Security<br />
(DHS) (2007 PNR<br />
Agreement), [2007]<br />
OJ L204/18<br />
Agreement between<br />
the European Union<br />
and the United States<br />
<strong>of</strong> America on the<br />
processing and<br />
transfer <strong>of</strong> Financial<br />
Messaging <strong>Data</strong> from<br />
the European Union to<br />
the United States for<br />
purposes <strong>of</strong> the<br />
Terrorist Finance<br />
Tracking Program,<br />
[2010] OJ L8/11<br />
Reports by the High<br />
Level Contact Group<br />
(HLCG) on<br />
information sharing<br />
and privacy and<br />
personal data<br />
protection, 23<br />
November 2009,<br />
<br />
least the same level <strong>of</strong> privacy protection as is required by the relevant<br />
Principles. If the organization complies with these requirements, it shall<br />
not be held responsible (unless the organization agrees otherwise) when a<br />
third party to which it transfers such information processes it in a way<br />
contrary to any restrictions or representations, unless the organization<br />
knew or should have known the third party would process it in such a<br />
contrary way and the organization has not taken reasonable steps to<br />
prevent or stop such processing.<br />
Recital 3<br />
DHS shall process PNR data received and treat data subjects concerned<br />
by such processing in accordance with applicable US laws, constitutional<br />
requirements, and without unlawful discrimination, in particular on the<br />
basis <strong>of</strong> nationality and country <strong>of</strong> residence. The DHS’s letter sets forth<br />
these and other safeguards.<br />
Article 5, proving protections to personal data transferred from the EU to<br />
the US for the purposes <strong>of</strong> the Terrorist Finance Tracking Program.<br />
Principle 12<br />
Where personal information is transmitted or made available by a<br />
competent authority <strong>of</strong> the sending country or by private parties in<br />
accordance with the domestic law <strong>of</strong> the sending country to a competent<br />
authority <strong>of</strong> the receiving country, the competent authority <strong>of</strong> the<br />
receiving country may only authorise or carry out an onward transfer <strong>of</strong><br />
this information to a competent authority <strong>of</strong> a third country if permitted<br />
<strong>under</strong> its domestic law and in accordance with existing applicable<br />
international agreements and international arrangements between the<br />
sending and receiving country. In the absence <strong>of</strong> such international<br />
agreements and international arrangements, such transfers should<br />
moreover support legitimate public interests consisting <strong>of</strong>: national<br />
security, defence, public security, the prevention, investigation, detection