scholarly journals International Data Transfers post Schrems – Moving Towards Solutions

2021 ◽  
pp. 21-37
Author(s):  
Dan Jerker B. Svantesson
Keyword(s):  
Data Privacy ◽  
Personal Data ◽  
Modern World ◽  
Human Right ◽  
International Data ◽  
Data Transfers ◽  
International Data Transfers ◽  
Selection Of

International data transfers are both essential for the modern world and a major source of risksto the protection of personal data. In this, we can speak of a clash between an important multifacetedobjective and the protection of a complex fundamental human right with implicationsgoing far beyond that right itself.The goal must be to facilitate data privacy respecting international data transfers. However,agreement on this goal – even if widespread – does not necessarily signal agreement on how wereach that goal. To make progress, we must proceed with caution and yet avoid getting boggeddown in the unavoidable challenges, such as definitional challenges, we will face.This article canvasses a selection of key considerations that ought to be kept in mind whenwe discuss approaches to international data transfers. However, to prepare ground for that discussion,it first sets the scene by examining the so-called Schrems II decision, its larger contextand background, as well as some of the reactions we have seen to that decision.

scholarly journals La transferencia internacional de datos de carácter personal

2012 ◽  
Author(s):  
Vicente Guasch Portas
Keyword(s):  
European Union ◽  
Data Protection ◽  
Personal Data ◽  
The World ◽  
European Union Legislation ◽  
International Data ◽  
Data Transfers ◽  
The Moment ◽  
International Data Transfers ◽  
Shed Light

La normativa de la Unión Europea en el campo de la protección de datos es la más exigente del planeta. En cambio hay países con una regulación poco exigente, o incluso sin regulación de ningún tipo. Estas diferencias pueden conducir a que la protección conseguida en el seno de la Unión se pierda en el momento en que los datos puedan ser localizados en naciones con un nivel inferior o completamente nulo de protección. Para evitarlo se han regulado minuciosamente las transferencias internacionales de datos. En este trabajo se pretende dar luz a algunos de los aspectos menos conocidos de los movimientos internacionales de datos personales. Analizamos un documento fundamental del Grupo de Trabajo del artículo 29 de la Directiva 95/46/CE: el WP 12. Revisamos la competencia de la AEPD en cuanto a la evaluación de los Estados que proporcionan un nivel adecuado de protección. Examinamos la necesidad de cumplir con las disposiciones legales en el caso de transferencia internacional. Por último reflexionamos sobre los cambios previstos en la propuesta de Reglamento comunitario de protección de datos.The European Union legislation in the field of data protection is the most demanding in the world. But there are countries with lax regulation, or no regulation of any kind. These differences may lead to the protection achieved within the Union lost in the moment that the data may be located in countries with a lower level of protection or completely invalid. To avoid this we have carefully regulated international data transfers. This paper aims to shed light on some of the lesser known aspects of international flows of personal data. We analyzed a fundamental document of the Working Group of Article 29 of Directive 95/46/EC: the WP 12. We review the jurisdiction of the AEPD regarding the evaluation of states that provide an adequate level of protection. We examined the need to comply with the laws in the case of international transfer. Finally we reflect on the changes envisaged in the proposed EU regulation on data protection.

Regulation of International Data Transfers in Clouds

2021 ◽  
pp. 340-381
Author(s):  
Ulrich Wuermeling ◽  
Isabella Oldani
Keyword(s):  
Data Transfer ◽  
Personal Data ◽  
Cloud Provider ◽  
European Economic Area ◽  
The European Union ◽  
General Data Protection Regulation ◽  
Number Of Factors ◽  
International Data ◽  
Data Transfers ◽  
International Data Transfers

This chapter studies the regulation of international data transfers in clouds. The General Data Protection Regulation (GDPR) stipulates that any transfer of personal data from the European Union (EU) (as well as other European Economic Area (EEA) countries) to a third country or an international organisation is subject to restrictions to ensure that the level of protection provided by the GDPR is not undermined. The GDPR requires either adequate protection or appropriate safeguards for transfers of personal data to third countries. When assessing a data transfer to a third country, a number of factors must be considered. First, it is necessary to establish whether the processing of personal data falls within the scope of the GDPR. Second, the GDPR may apply either to the cloud provider or its customer, or to both. Third, it is necessary to establish when a 'transfer' of personal data from an EU Member State to a third country is taking place and how the protection of the data can be ensured. Fourth, in some circumstances, there may be an exception to the requirement to ensure continued protection following a data transfer.

scholarly journals Cross-Border Transfers of Personal Data After Schrems II: Supplementary Measures and new Standard Contractual Clauses (SCCs)

2021 ◽  
Vol 4 (2) ◽  
pp. 37-47
Author(s):  
Marcelo Corrales Compagnucci ◽  
Mateo Aboy ◽  
Timo Minssen
Keyword(s):  
Data Protection ◽  
Personal Data ◽  
The European Union ◽  
Cross Border ◽  
Data Protection Directive ◽  
Legal Challenges ◽  
International Data ◽  
Data Transfers ◽  
International Data Transfers ◽  
The Eu

 This article analyses the legal challenges of international data transfers resulting from the recent Court of Justice of the European Union (CJEU) decision in Case C-311/18 Data Protection Commissioner v Facebook Ireland Limited, Maximillian Schrems (Schrems II). This judgement invalidated the EU-US Privacy Shield Framework but upheld the use of standard contractual clauses (SCCs). However, one caveat is that organisations would have to perform a case-by-case assessment on the application of the SCCs and implement ‘supplementary measures’ to compensate for the lack of data protection in the third country, where necessary. Regrettably, the CJEU missed the opportunity to specify what exactly these ‘supplementary measures’ could be. To fill this gap, the European Data Protection Board (EDPB) adopted guidelines on the measures that supplement transfer tools to ensure compliance with the EU level of protection of personal data. In addition, on June 4th, 2021 the European Commission issued new SCCs which replaced the previous SCCs that were adopted under the previous Data Protection Directive 95/46. These new developments have raised the bar for data protection in international data transfers. In this article, we analyse the current regulatory framework for cross-border transfers of EU personal data and examine the practical considerations of the emerging post-Schrems II legal landscape. 

Sign in / Sign up

Export Citation Format

Share Document