European Data Protection Supervisor
European Data Protection Supervisor

Transfers of data

Transfers of data

The transfer of personal data outside of the EU is only allowed under certain conditions as set out in Directive 95/46/EC and also in the General Data Protection Regulation which will be fully applicable as of May 2018. If a country is deemed by the European Commission to offer an adequate level of protection, it will be subject to the same rules as an EU Member State, which means that the recipient of the data in that state will not be obliged to take specific measures to allow for the transfer. Transferring data to a country without an adequacy decision requires appropriate safeguards, such as standard contractual clauses or binding corporate rules. Derogations to this rule can be obtained in very specific cases. The European Data Protection Board, of which the EDPS is a member, will provide the Commission with Opinions on this subject.

Filters

Pages

18/07/2019
18
Jul
2019

International data transfers after Brexit

Information note on international data transfers after Brexit.

10/07/2019
10
Jul
2019

EDPB-EDPS Joint Response on the US Cloud Act

EDPB-EDPS Joint Response to the LIBE Committee on the impact of the US Cloud Act on the European legal framework for personal data protection

AnnexPDF icon
23/05/2019
23
May
2019

Application of data protection clauses in EUI contracts

Letter concerning a consultation on the application of data protection clauses in EUI contracts.

Tags:
13/03/2019
13
Mar
2019

IOSCO-ESMA Administrative Arrangement - ESMA

EDPS Decision of 13 March 2019 concerning the use of the IOSCO-ESMA Administrative Arrangement by the European Securities and Markets Authority.

19/09/2018
19
Sep
2018

Selection of confidential counsellors and informal procedures for cases of harassment

Prior-checking Opinion regarding the selection of confidential counsellors and informal procedures for cases of harassment at EIF (EDPS cases 2017-1042 and 2017-1043)

24/07/2018
24
Jul
2018

EDPS Comments on review of OLAF Regulation

Formal comments of the EDPS on the Proposal for a Regulation of the European Parliament and of the Council amending Regulation (EU, Euratom) No 883/2013 concerning investigations conducted by the European Anti-Fraud Office (OLAF) as regards cooperation with the European public Prosecutor’s Office and the effectiveness of OLAF investigations.

17/01/2018
17
Jan
2018

Transfers of personal data - ECDC

EDPS Decision pursuant to Article 9(7) of Regulation (EC) No 45/2001 concerning the transfers of personal data carried out by the European Centre for Disease Prevention and Control (ECDC) to the World Health Organization (WHO) (Case 2017-1120)

15/12/2017
15
Dec
2017

EU High Level Advisers programme in Moldova – EEAS / EC

The EU High Level Advisers programme in Moldova aims to draw on the experience of expert senior officials in EU Member States to help Moldova meet its commitments related to agreements with the EU. The programme is run by the Commission and the EU Delegation in Moldova. A service provider helps to implement the programme in Moldova. The candidate High Level Advisers are selected by the Commission and the Delegation and after the endorsement by Moldovan authorities are recruited by the service provider. In consultation with the Moldovan authorities, the service provider annually evaluates the High Level Advisers on their performance. Following this, the Delegation decides whether to extend the High Level Advisers' contracts. All this entails the processing of personal data by the Commission, the Delegation, the service provider and Moldovan authorities.
The Commission and the Delegation are the co-controllers for the processing of personal data in the High Level Advisers programme and need to clearly define their respective obligations. They should also set up a framework for exchanging the personal data of candidate and recruited High Level Advisers with the Moldovan authorities. The Delegation needs to clarify their respective data protection obligations with the service provider. The candidate and recruited High Level Advisers need to be properly informed about how their personal data is processed in the EU High Level Advisers programme in Moldova.

Wednesday, 27 September, 2017
27
Sep
2017

Newsletter (N°
53
)

In the September 2017 edition of the EDPS Newsletter we cover the EDPS Opinion on the digital single gateway, the investigation of complaints relating to medical data and the latest developments in privacy engineering.
01/08/2017
1
Aug
2017

Digital single gateway and the 'once-only' principle

EDPS Opinion on the proposal for a Regulation establishing a single digital gateway and the ‘once-only’ principle

01/08/2017
1
Aug
2017

A digital Europe needs data protection

The successful implementation of an EU-wide once-only principle to enable the lawful exchange of data across EU borders depends on ensuring that the relevant data protection principles are respected, the European Data Protection Supervisor (EDPS) said today, as he published his Opinion on the Commission’s proposal for a Regulation establishing a single digital gateway and the once-only principle.

04/04/2017
4
Apr
2017

360° tool - feedback and leadership competencies - EC/OIB

Prior check opinion on the notification of the OIB’s "360° tool - feedback and leadership competencies” (Case 2016-1130 / DPO-3868.1)

The Office for Infrastructure and Logistics in Brussels (OIB) has a development programme for managers using a 360° feedback tool. Managers participate on a voluntary basis in the exercise, in which their staff members, peers and superiors who agree to give feedback get to rate the manager. This allows managers to obtain anonymous feedback on their management and leadership style and to improve their management and leadership skills.

Two external providers cooperate with OIB in this exercise: a subcontractor collects individual evaluation responses per line manager through an online questionnaire and automatically generates reports; the contractor provides for individual coaching sessions to the managers. The specific roles and tasks of these two processors should be are clearly mentioned in the data protection statement. The subcontractor’s data centre is located in the United Kingdom. Forwardlooking, the EDPS highlights that future transfers might come under Article 9 of the Regulation requiring an adequate level of protection within the recipient's legal framework for transfers to third countries. In this issue, see pp.12-13 of EDPS Position paper on transfers to third countries and international organisations by EU institutions and bodies.

07/12/2016
7
Dec
2016

Import, Export and Transit Directory - OLAF

Prior Checking Opinion on the Import, Export and Transit Directory (IET) (Case 2016-0674 and 2013-1296)

07/11/2016
7
Nov
2016

Privacy in an age of hyperconnectivity

Keynote speech by Giovanni Buttarelli to the Privacy and Security Conference 2016, Rust am Neusiedler See, Austria

03/06/2016
3
Jun
2016

Transfers of personal data in supervisory activities - ECB

EDPS Decision pursuant to Article 9(7) of Regulation (EC) No 45/2001 concerning the transfers of personal data carried out by the European Central Bank for its supervisory activities (Case 2016-0308)

18/03/2016
18
Mar
2016

European Border and Coast Guard Regulation

EDPS' recommendations on the proposed European Border and Coast Guard Regulation

10/03/2016
10
Mar
2016

Use of a US-based company for sending out alerts and newsletters - EEAS

Letter on the use of a US-based company for sending out alerts and newsletters at the European External Action Service (Case 2015-1122)

12/02/2016
12
Feb
2016

EU-US Umbrella Agreement

Preliminary Opinion on the agreement between the United States of America and the European Union on the protection of personal information relating to the prevention, investigation, detection and prosecution of criminal offences

22/01/2016
22
Jan
2016

EDPS: EU Institutions making steady progress

The EU institutions and bodies are making steady progress implementing data protection rules. This is the conclusion of the report published yesterday by the European Data Protection Supervisor (EDPS) on his latest stocktaking exercise.

07/01/2016
7
Jan
2016

Priorities for 2016: The EDPS as an advisor to the EU Institutions

As 2015 drew to a close, the European Data Protection Supervisor (EDPS) published his Priorities for the policy and consultation activities of the organisation for 2016.

Pages