European Data Protection Supervisor
European Data Protection Supervisor

Transfers of data

Transfers of data

The transfer of personal data outside of the EU is only allowed under certain conditions as set out in Directive 95/46/EC and also in the General Data Protection Regulation which will be fully applicable as of May 2018. If a country is deemed by the European Commission to offer an adequate level of protection, it will be subject to the same rules as an EU Member State, which means that the recipient of the data in that state will not be obliged to take specific measures to allow for the transfer. Transferring data to a country without an adequacy decision requires appropriate safeguards, such as standard contractual clauses or binding corporate rules. Derogations to this rule can be obtained in very specific cases. The European Data Protection Board, of which the EDPS is a member, will provide the Commission with Opinions on this subject.

Filters

Pages

19/09/2018
19
Sep
2018

Selection of confidential counsellors and informal procedures for cases of harassment

Prior-checking Opinion regarding the selection of confidential counsellors and informal procedures for cases of harassment at EIF (EDPS cases 2017-1042 and 2017-1043)

 

24/07/2018
24
Jul
2018

EDPS Comments on review of OLAF Regulation

Formal comments of the EDPS on the Proposal for a Regulation of the European Parliament and of the Council amending Regulation (EU, Euratom) No 883/2013 concerning investigations conducted by the European Anti-Fraud Office (OLAF) as regards cooperation with the European public Prosecutor’s Office and the effectiveness of OLAF investigations.

17/01/2018
17
Jan
2018

Transfers of personal data - ECDC

EDPS Decision pursuant to Article 9(7) of Regulation (EC) No 45/2001 concerning the transfers of personal data carried out by the European Centre for Disease Prevention and Control (ECDC) to the World Health Organization (WHO) (Case 2017-1120)

15/12/2017
15
Dec
2017

EU High Level Advisers programme in Moldova – EEAS / EC

Joint prior-checking Opinion concerning the EU High Level Advisers programme in Moldova (EDPS cases 2016-0505 and 2017-0712)

Wednesday, 27 September, 2017
27
Sep
2017

Newsletter (N°
53
)

In the September 2017 edition of the EDPS Newsletter we cover the EDPS Opinion on the digital single gateway, the investigation of complaints relating to medical data and the latest developments in privacy engineering.
01/08/2017
1
Aug
2017

Digital single gateway and the 'once-only' principle

EDPS Opinion on the proposal for a Regulation establishing a single digital gateway and the ‘once-only’ principle

01/08/2017
1
Aug
2017

A digital Europe needs data protection

The successful implementation of an EU-wide once-only principle to enable the lawful exchange of data across EU borders depends on ensuring that the relevant data protection principles are respected, the European Data Protection Supervisor (EDPS) said today, as he published his Opinion on the Commission’s proposal for a Regulation establishing a single digital gateway and the once-only principle.

04/04/2017
4
Apr
2017

360° tool - feedback and leadership competencies - EC/OIB

Prior check opinion on the notification of the OIB’s "360° tool - feedback and leadership competencies” (Case 2016-1130 / DPO-3868.1)

The Office for Infrastructure and Logistics in Brussels (OIB) has a development programme for managers using a 360° feedback tool. Managers participate on a voluntary basis in the exercise, in which their staff members, peers and superiors who agree to give feedback get to rate the manager. This allows managers to obtain anonymous feedback on their management and leadership style and to improve their management and leadership skills.

Two external providers cooperate with OIB in this exercise: a subcontractor collects individual evaluation responses per line manager through an online questionnaire and automatically generates reports; the contractor provides for individual coaching sessions to the managers. The specific roles and tasks of these two processors should be are clearly mentioned in the data protection statement. The subcontractor’s data centre is located in the United Kingdom. Forwardlooking, the EDPS highlights that future transfers might come under Article 9 of the Regulation requiring an adequate level of protection within the recipient's legal framework for transfers to third countries. In this issue, see pp.12-13 of EDPS Position paper on transfers to third countries and international organisations by EU institutions and bodies.

07/12/2016
7
Dec
2016

Import, Export and Transit Directory - OLAF

Prior Checking Opinion on the Import, Export and Transit Directory (IET) (Case 2016-0674 and 2013-1296)

07/11/2016
7
Nov
2016

Privacy in an age of hyperconnectivity

Keynote speech by Giovanni Buttarelli to the Privacy and Security Conference 2016, Rust am Neusiedler See, Austria

03/06/2016
3
Jun
2016

Transfers of personal data in supervisory activities - ECB

EDPS Decision pursuant to Article 9(7) of Regulation (EC) No 45/2001 concerning the transfers of personal data carried out by the European Central Bank for its supervisory activities (Case 2016-0308)

18/03/2016
18
Mar
2016

European Border and Coast Guard Regulation

EDPS' recommendations on the proposed European Border and Coast Guard Regulation

10/03/2016
10
Mar
2016

Use of a US-based company for sending out alerts and newsletters - EEAS

Letter on the use of a US-based company for sending out alerts and newsletters at the European External Action Service (Case 2015-1122)

12/02/2016
12
Feb
2016

EU-US Umbrella Agreement

Preliminary Opinion on the agreement between the United States of America and the European Union on the protection of personal information relating to the prevention, investigation, detection and prosecution of criminal offences

22/01/2016
22
Jan
2016

EDPS: EU Institutions making steady progress

The EU institutions and bodies are making steady progress implementing data protection rules. This is the conclusion of the report published yesterday by the European Data Protection Supervisor (EDPS) on his latest stocktaking exercise.

07/01/2016
7
Jan
2016

Priorities for 2016: The EDPS as an advisor to the EU Institutions

As 2015 drew to a close, the European Data Protection Supervisor (EDPS) published his Priorities for the policy and consultation activities of the organisation for 2016.

07/10/2015
7
Oct
2015

Keynote address at Annual Privacy Forum 2015

Keynote address by Giovanni Buttarelli to ENISA Annual Privacy Forum 2015, Luxembourg.

08/07/2015
8
Jul
2015

EU-Switzerland agreement on the automatic exchange of tax information

Opinion on the EU-Switzerland agreement on the automatic exchange of tax information

03/07/2015
3
Jul
2015

Risk Analysis - Frontex

Opinion on a notification for prior checking received from the Data Protection Officer of Frontex concerning the Processing of Personal Data for Risk Analysis (PeDRA) (Case 2015-0346)

Update of the notification for prior checking opinion received from the Data Protection Office of Frontex PDF icon
02/07/2015
2
Jul
2015

2014 Annual Report - EU Data Protection Reform: a historic opportunity for Europe

2014 was a year of transition for the EDPS, marked by the delayed selection and appointment of a new Supervisor and Assistant Supervisor. Despite the resulting uncertainty, the EDPS under the calm authority and tireless efforts of Peter Hustinx, whose 10-year tenure as EDPS drew to a close in 2014, continued to make significant progress in mainstreaming data protection in EU policymaking.

Building on this legacy, the EDPS' priorities for 2015, as part of the five year strategy of the dynamic team of new Supervisors, is to help the EU to speak with one voice on data protection to uphold the rights and interests of the individual in our digitalised society. To this end, the adoption of the data protection reform will be a significant milestone for Europe and an important message to the rest of the world.

Full text of the Annual Report:PDF icon

Pages