Harmonising the transfer of data
EU attempts to ensure people have 'adequate protection' when sending personal data from one country to another are well intentioned, says Laurence Jacobs, but special consideration has to be made for countries with different privacy laws
In 1995 the European Union (EU) adopted the Data Protection Directive 95/46/EC. Its general objective was to harmonise the way in which personal data could be processed in the EU member states. Article 25 is a key provision of the directive which prohibits the transfer of personal data to a third country unless that country ensures an “adequate level of protection” (i.e. similar protection to that set out in the directive).There was immediately a problem in relation to the US, where there is a variety of existing privacy legislation. It was widely accepted that the US legislation did not meet the EU’s requirements for “adequate protection”. As such, there was a real concern that businesses based in the EU would not be able to transfer data to the US and this would have a significant impact on trade and the free movement of information about individuals. In some cases this problem could be resolved if the European and US parties entered into a specific contract to protect the use of personal data. While this worked for intragroup transfers and other particular relationships, it was widely felt that a more comprehensive solution should be found. During lengthy negotiations, the US issued a compromise proposal, known as the ‘Safe Harbor Principles’, which largely follows the EU requirements giving individuals the right to: 1. receive notification of how personal data isto be used; 2. object to the transfer of data to third parties or to the use of the data for unauthorised purposes; and 3. have access to personal data held aboutthem. After a period of considerable uncertainty, in July 2000 the European Commission (EC) announced it accepted that the Safe Harbor Principles do provide adequate protection for personal data transferred from the EU and this decision is binding on all 15 member states. The EC has indicated that the ‘safe harbor’ arrangements should be in place by November 2000 and this will ensure that, as long as the process is followed correctly, personal data can now be transferred to the US.
This premium content is reserved for
Legal Week Subscribers.
A PREMIUM SUBSCRIPTION PROVIDES:
- Trusted insight, news and analysis from the UK and across the globe
- Connections to senior business lawyers within the leading law firms and legal departments
- Unique access to ALM's unrivalled, market-leading reporting in the US and Asia and cutting-edge research, including Legal Week's UK Top 50 and Global 100 rankings
- The Legal Week Daily News Alert, Editor's Highlights, and Breaking News digital newsletters and more, plus a choice of over 70 ALM newsletters
- Optimized access on all of your devices: desktop, tablet and mobile
- Complete access to the site's full archive of more than 56,000 articles
Already have an account? Sign In Now
For enterprise-wide or corporate enquiries, please contact Paul Reeves on Preeves@alm.com or call on +44 (0) 203 875 0651