Toolbar-Menü

Entschließung: Resolution on transborder flows of personal data

Proposer: NAIH

Co-sponsor: Dutch Data Protection Authority, Finnish Data Protection Ombudsman

Preamble

Over the last decades, the role of personal data has become increasingly important globally in particular in civil society and the digital economy. Both private and public entities continue to develop as a result of numerous innovations and new technologies which allow data to continuously flow across borders and individuals around the world to access this data.

Recent developments in transborder flows of personal data helped to overcome communication barriers between data controllers and data processors residing in different countries in the world. This has amplified global cultural, economic and public relationships. In this context, it should be borne in mind that the field of transborder data flows could involve the interests of an entire community.

In order to fulfil the effective protection of personal data and balance the inherent risks of transborder data flows, it is essential to create legislative frameworks providing sufficient safeguards with respect to the fundamental rights and freedoms of individuals.

The right to the protection of personal data is a fundamental right of individuals. Data protection authorities have an important role to play in upholding individuals’ rights and in raising public awareness of these rights, particularly in relation to transborder flows.

The European Conference of Data Protection Authorities

  • Noting that Article 8 of the Charter of Fundamental Rights of the European Union establishes the right to data protection, explicitly raised the level of protection to that of a fundamental right in EU law, which requires that this right must be observed and guaranteed by EU institutions and Member States in their interpretation of EU law.
  • Also noting that the OECD Guidelines governing the Protection of Privacy and Transborder Flows of personal Data (2013) emphasizes that the continuous transborder flows of personal data amplify the need for high international data protection standards, as well as a strengthened cooperation among data protection authorities.
  • Also noting that, as reaffirmed in the proposed modernised Convention 108, the Additional Protocol of Convention 108 of the Council of Europe requires an appropriate level of protection when personal data are to be transferred to countries which are not Party to the Convention. Data subjects in Council of Europe Convention 108 Contracting Parties (States) should be given common safeguards for the protection of their rights, and common rovisions shall apply to the disclosure or making available of data to a recipient in a third country who is not subject to the jurisdiction of the Party.
  • Acknowledging that the Court of Justice of the European Union, in its decision dated 6 October 2015, ruled in the Maximilian Schrems v Data Protection Commissioner case that the “Safe Harbor decision” is invalid, and reaffirmed the powers of independent data protection authorities, as described in Article 28 of Directive 95/46.
  • Mindful that, with regard to international transfers of personal data, the CJEU has set a bar of an ‘essentially equivalent’ level of protection to be provided by a third country when assessing adequacy.
  • Also mindful that in the absence of a general level of adequate protection in the third country, in accordance with Directive 95/46/EC the data controller must adduce adequate safeguards for that particular transfer. The issue of transfers of personal data from Europe is inseparable from the necessity to ensure that European standards are respected outside of Europe, especially in case of access, re-use and disclosure by third parties.
  1. Encourages European Data Protection Authorities to raise data subjects’ awareness of their rights in relation to transborder data flows, such as the right of access and the possibilities available for remedies and sanctions.
  2. Invites the European Data Protection Authorities to commit themselves to fulfil their essential role of effective enforcement of data protection rules, and to join forces in order to identify practical issues in light of recent developments in law regarding transborder data flows.
  3. Considers that the EU-U.S. Privacy Shield, seeking to replace the invalidated “Safe Harbor decision”, is of great importance, welcomes the significant improvements of Privacy Shield compared with the Safe Harbor, reinforces the European Commission’s intention to work on further clarifications and improvement and commits to monitor closely further progress of the legislative procedure.
  4. Reminds the European Data Protection Authorities of the importance of a close cooperation, and of the exchange of experiences, especially when it comes to monitoring the developments of technologies related to transborder flow.

Proposer: NAIH

Co-sponsor: Dutch Data Protection Authority, Finnish Data Protection Ombudsman

Preamble

Over the last decades, the role of personal data has become increasingly important globally in particular in civil society and the digital economy. Both private and public entities continue to develop as a result of numerous innovations and new technologies which allow data to continuously flow across borders and individuals around the world to access this data.

Recent developments in transborder flows of personal data helped to overcome communication barriers between data controllers and data processors residing in different countries in the world. This has amplified global cultural, economic and public relationships. In this context, it should be borne in mind that the field of transborder data flows could involve the interests of an entire community.

In order to fulfil the effective protection of personal data and balance the inherent risks of transborder data flows, it is essential to create legislative frameworks providing sufficient safeguards with respect to the fundamental rights and freedoms of individuals.

The right to the protection of personal data is a fundamental right of individuals. Data protection authorities have an important role to play in upholding individuals’ rights and in raising public awareness of these rights, particularly in relation to transborder flows.

The European Conference of Data Protection Authorities

  • Noting that Article 8 of the Charter of Fundamental Rights of the European Union establishes the right to data protection, explicitly raised the level of protection to that of a fundamental right in EU law, which requires that this right must be observed and guaranteed by EU institutions and Member States in their interpretation of EU law.
  • Also noting that the OECD Guidelines governing the Protection of Privacy and Transborder Flows of personal Data (2013) emphasizes that the continuous transborder flows of personal data amplify the need for high international data protection standards, as well as a strengthened cooperation among data protection authorities.
  • Also noting that, as reaffirmed in the proposed modernised Convention 108, the Additional Protocol of Convention 108 of the Council of Europe requires an appropriate level of protection when personal data are to be transferred to countries which are not Party to the Convention. Data subjects in Council of Europe Convention 108 Contracting Parties (States) should be given common safeguards for the protection of their rights, and common rovisions shall apply to the disclosure or making available of data to a recipient in a third country who is not subject to the jurisdiction of the Party.
  • Acknowledging that the Court of Justice of the European Union, in its decision dated 6 October 2015, ruled in the Maximilian Schrems v Data Protection Commissioner case that the “Safe Harbor decision” is invalid, and reaffirmed the powers of independent data protection authorities, as described in Article 28 of Directive 95/46.
  • Mindful that, with regard to international transfers of personal data, the CJEU has set a bar of an ‘essentially equivalent’ level of protection to be provided by a third country when assessing adequacy.
  • Also mindful that in the absence of a general level of adequate protection in the third country, in accordance with Directive 95/46/EC the data controller must adduce adequate safeguards for that particular transfer. The issue of transfers of personal data from Europe is inseparable from the necessity to ensure that European standards are respected outside of Europe, especially in case of access, re-use and disclosure by third parties.
  1. Encourages European Data Protection Authorities to raise data subjects’ awareness of their rights in relation to transborder data flows, such as the right of access and the possibilities available for remedies and sanctions.
  2. Invites the European Data Protection Authorities to commit themselves to fulfil their essential role of effective enforcement of data protection rules, and to join forces in order to identify practical issues in light of recent developments in law regarding transborder data flows.
  3. Considers that the EU-U.S. Privacy Shield, seeking to replace the invalidated “Safe Harbor decision”, is of great importance, welcomes the significant improvements of Privacy Shield compared with the Safe Harbor, reinforces the European Commission’s intention to work on further clarifications and improvement and commits to monitor closely further progress of the legislative procedure.
  4. Reminds the European Data Protection Authorities of the importance of a close cooperation, and of the exchange of experiences, especially when it comes to monitoring the developments of technologies related to transborder flow.
Seite drucken