Data
Protection (Transfer of Data Outside EEA) - Summary
Aim of the Data Protection Act
In the UK, the Data Protection Act 1998 ("DPA") governs what an organisation can
or cannot do with information about living individuals.
If a data controller sends data about a data subject outside the EEA to a
country which is not deemed adequate without the consent of the data subject,
then the data controller is breach of its obligations under the DPA.
Permitted transfers outside the EEA
Data controllers are not permitted to transfer data outside the EEA except to
approved countries that have a similar level of protection in place.
There is no exemption for intra-group transfers so this would apply, for
example, to a UK company that transferred data obtained from its website to
another company within the group located outside the EEA. Although some
non-EEA countries (such as Canada) have enacted similar laws, the USA obviously
has not done so.
The ‘Safe Harbor'
In order to bridge the US and EU's differing privacy approaches the US
Department of Commerce in consultation with the European Commission developed a
so called "Safe Harbor" framework. The safe harbour scheme was approved
by the EU in July 2000 and is an important way for US companies to avoid the
experience of interruptions in their business dealings with the EU by facing
prosecution by European authorities under European data protection.
Where a recipient country does not have substantive data protection legislation,
an individual's rights can be ensured through other means, such as
constitutional or legal provisions, industry self-regulatory codes of practice,
data security measures or contractual protection.
Contractual Provisions
Particular interest has been shown in the use of contractual terms between the
sender and the recipient of the personal data as a mechanism for achieving
equivalent protection and an EU Commission Decision of 15 June 2001 approved a
set of standard contractual clauses for the transfer of personal data to third
countries.
© Davenport Lyons 2005 All rights reserved
This document reflects the law and practice as at May 2002. It is
general in nature, and does not purport in any way to be
comprehensive or a substitute for specialist legal advice in individual
circumstances.
 Click
here to download a copy of the full guidelines in PDF format
|
