European Data Protection Supervisor
European Data Protection Supervisor

Transfers of data

Transfers of data

The transfer of personal data outside of the EU is only allowed under certain conditions as set out in Directive 95/46/EC and also in the General Data Protection Regulation which will be fully applicable as of May 2018. If a country is deemed by the European Commission to offer an adequate level of protection, it will be subject to the same rules as an EU Member State, which means that the recipient of the data in that state will not be obliged to take specific measures to allow for the transfer. Transferring data to a country without an adequacy decision requires appropriate safeguards, such as standard contractual clauses or binding corporate rules. Derogations to this rule can be obtained in very specific cases. The European Data Protection Board, of which the EDPS is a member, will provide the Commission with Opinions on this subject.

Filters

Pages

12/11/2020
12
Nov
2020

EDPS opinion on the legal basis for personal data transfers to the European University Institute (Case 2020-0880)

This Opinion relates to the European Court of Auditors (‘the Court of Auditors’) consultation on the legal basis for personal data transfers to the European University Institute.

29/10/2020
29
Oct
2020

Strategy for Union institutions, offices, bodies and agencies to comply with the ‘Schrems II’ Ruling

The present strategy aims to ensure and monitor compliance of European Union Institutions’, bodies, offices and agencies (EUIs) with the Judgement.

29/10/2020
29
Oct
2020

Strategy for EU institutions to comply with “Schrems II” Ruling

The European Data Protection Supervisor (EDPS) issued today a strategic document aiming to monitor compliance of European institutions, bodies, offices and agencies (EUIs) with the “Schrems II” Judgement in relation to transfers of personal data to third countries, and in particular, the United States.

Friday, 17 July, 2020
17
Jul
2020

Newsletter (N°
81
)

In this newsletter, we cover the EDPS Strategy 2020-2024 focusing on Digital Solidarity. As well as, in the context of The Hague Forum, a report on the use of Microsoft products and services by the EUIs. Finally, the EDPS published a report accompanied by a factsheet and video on Data Protection Impact Assessments and the EDPS/EDPB trainees organised a conference on Data Protection in times of COVID-19.
17/07/2020
17
Jul
2020
03/07/2020
3
Jul
2020

EDPS comments on the model working arrangements between the European and Coast Guard Agency and the authorities of third countries

EDPS comments on the model for working arrangements to be concluded by the European Border and Coast Guard Agency with the authorities of third countries.

06/05/2020
6
May
2020

Consultation on agreement for payroll services for local employees in a third country

EDPS Letter Consultation on agreement for payroll services for local employees in a third country

31/01/2020
31
Jan
2020

International agreement on exchange of personal data between Europol and New Zealand

EDPS Opinion on the negotiating mandate to conclude an international agreement on the exchange of personal data between Europol and New Zealand law enforcement authorities

18/07/2019
18
Jul
2019

International data transfers after Brexit

Information note on international data transfers after Brexit.

10/07/2019
10
Jul
2019

EDPB-EDPS Joint Response on the US Cloud Act

EDPB-EDPS Joint Response to the LIBE Committee on the impact of the US Cloud Act on the European legal framework for personal data protection

AnnexPDF icon
23/05/2019
23
May
2019

Application of data protection clauses in EUI contracts

Letter concerning a consultation on the application of data protection clauses in EUI contracts.

Tags:
13/03/2019
13
Mar
2019

IOSCO-ESMA Administrative Arrangement - ESMA

EDPS Decision of 13 March 2019 concerning the use of the IOSCO-ESMA Administrative Arrangement by the European Securities and Markets Authority.

19/09/2018
19
Sep
2018

Selection of confidential counsellors and informal procedures for cases of harassment

Prior-checking Opinion regarding the selection of confidential counsellors and informal procedures for cases of harassment at EIF (EDPS cases 2017-1042 and 2017-1043)

24/07/2018
24
Jul
2018

EDPS Comments on review of OLAF Regulation

Formal comments of the EDPS on the Proposal for a Regulation of the European Parliament and of the Council amending Regulation (EU, Euratom) No 883/2013 concerning investigations conducted by the European Anti-Fraud Office (OLAF) as regards cooperation with the European public Prosecutor’s Office and the effectiveness of OLAF investigations.

17/01/2018
17
Jan
2018

Transfers of personal data - ECDC

EDPS Decision pursuant to Article 9(7) of Regulation (EC) No 45/2001 concerning the transfers of personal data carried out by the European Centre for Disease Prevention and Control (ECDC) to the World Health Organization (WHO) (Case 2017-1120)

15/12/2017
15
Dec
2017

EU High Level Advisers programme in Moldova – EEAS / EC

The EU High Level Advisers programme in Moldova aims to draw on the experience of expert senior officials in EU Member States to help Moldova meet its commitments related to agreements with the EU. The programme is run by the Commission and the EU Delegation in Moldova. A service provider helps to implement the programme in Moldova. The candidate High Level Advisers are selected by the Commission and the Delegation and after the endorsement by Moldovan authorities are recruited by the service provider. In consultation with the Moldovan authorities, the service provider annually evaluates the High Level Advisers on their performance. Following this, the Delegation decides whether to extend the High Level Advisers' contracts. All this entails the processing of personal data by the Commission, the Delegation, the service provider and Moldovan authorities.
The Commission and the Delegation are the co-controllers for the processing of personal data in the High Level Advisers programme and need to clearly define their respective obligations. They should also set up a framework for exchanging the personal data of candidate and recruited High Level Advisers with the Moldovan authorities. The Delegation needs to clarify their respective data protection obligations with the service provider. The candidate and recruited High Level Advisers need to be properly informed about how their personal data is processed in the EU High Level Advisers programme in Moldova.

Wednesday, 27 September, 2017
27
Sep
2017

Newsletter (N°
53
)

In the September 2017 edition of the EDPS Newsletter we cover the EDPS Opinion on the digital single gateway, the investigation of complaints relating to medical data and the latest developments in privacy engineering.
01/08/2017
1
Aug
2017

Digital single gateway and the 'once-only' principle

EDPS Opinion on the proposal for a Regulation establishing a single digital gateway and the ‘once-only’ principle

01/08/2017
1
Aug
2017

A digital Europe needs data protection

The successful implementation of an EU-wide once-only principle to enable the lawful exchange of data across EU borders depends on ensuring that the relevant data protection principles are respected, the European Data Protection Supervisor (EDPS) said today, as he published his Opinion on the Commission’s proposal for a Regulation establishing a single digital gateway and the once-only principle.

04/04/2017
4
Apr
2017

360° tool - feedback and leadership competencies - EC/OIB

Prior check opinion on the notification of the OIB’s "360° tool - feedback and leadership competencies” (Case 2016-1130 / DPO-3868.1)

The Office for Infrastructure and Logistics in Brussels (OIB) has a development programme for managers using a 360° feedback tool. Managers participate on a voluntary basis in the exercise, in which their staff members, peers and superiors who agree to give feedback get to rate the manager. This allows managers to obtain anonymous feedback on their management and leadership style and to improve their management and leadership skills.

Two external providers cooperate with OIB in this exercise: a subcontractor collects individual evaluation responses per line manager through an online questionnaire and automatically generates reports; the contractor provides for individual coaching sessions to the managers. The specific roles and tasks of these two processors should be are clearly mentioned in the data protection statement. The subcontractor’s data centre is located in the United Kingdom. Forwardlooking, the EDPS highlights that future transfers might come under Article 9 of the Regulation requiring an adequate level of protection within the recipient's legal framework for transfers to third countries. In this issue, see pp.12-13 of EDPS Position paper on transfers to third countries and international organisations by EU institutions and bodies.

Pages