Cross-Border Transfer of Personal Data

2011 ◽  
pp. 298-316
Author(s):  
Grigore-Octav Stan ◽  
Georgiana Ghitu
Keyword(s):  
Data Protection ◽  
Data Transfer ◽  
Personal Data ◽  
European Economic Area ◽  
The European Union ◽  
Legal Regime ◽  
Cross Border ◽  
Data Protection Directive ◽  
High Level ◽  
Insight Into

This chapter outlines the Romanian data protection legal regime governing the cross-border transfers of personal data, both to countries located in the European Union (EU) or in the European Economic Area (EEA), as well as to non-EU or non-EEA countries. In addressing the Romanian legal requirements related to international transfers of personal data, a high level insight into the background of Romanian data protection principles and main rules applicable in the broader context of privacy proves useful. Although this chapter analyzes mainly the Romanian legal regime of data protection, with a special emphasis on cross-border transfer of personal data, a similar interpretation and application of the data protection related requirements may also be encountered in other European jurisdictions. While expounding primarily on data transfer related matters, this chapter also looks at how the EU Data Protection Directive (Directive No. 95/46 EC), as well as the relevant secondary legislation in the field of data protection, has been implemented into Romanian law.

Cross-Border Transfer of Personal Data

Cyber Crime ◽  
2013 ◽  
pp. 832-850
Author(s):  
Grigore-Octav Stan ◽  
Georgiana Ghitu
Keyword(s):  
Data Protection ◽  
Data Transfer ◽  
Personal Data ◽  
European Economic Area ◽  
The European Union ◽  
Legal Regime ◽  
Cross Border ◽  
Data Protection Directive ◽  
High Level ◽  
Insight Into

This chapter outlines the Romanian data protection legal regime governing the cross-border transfers of personal data, both to countries located in the European Union (EU) or in the European Economic Area (EEA), as well as to non-EU or non-EEA countries. In addressing the Romanian legal requirements related to international transfers of personal data, a high level insight into the background of Romanian data protection principles and main rules applicable in the broader context of privacy proves useful. Although this chapter analyzes mainly the Romanian legal regime of data protection, with a special emphasis on cross-border transfer of personal data, a similar interpretation and application of the data protection related requirements may also be encountered in other European jurisdictions. While expounding primarily on data transfer related matters, this chapter also looks at how the EU Data Protection Directive (Directive No. 95/46 EC), as well as the relevant secondary legislation in the field of data protection, has been implemented into Romanian law.

scholarly journals Cross-Border Transfers of Personal Data After Schrems II: Supplementary Measures and new Standard Contractual Clauses (SCCs)

2021 ◽  
Vol 4 (2) ◽  
pp. 37-47
Author(s):  
Marcelo Corrales Compagnucci ◽  
Mateo Aboy ◽  
Timo Minssen
Keyword(s):  
Data Protection ◽  
Personal Data ◽  
The European Union ◽  
Cross Border ◽  
Data Protection Directive ◽  
Legal Challenges ◽  
International Data ◽  
Data Transfers ◽  
International Data Transfers ◽  
The Eu

 This article analyses the legal challenges of international data transfers resulting from the recent Court of Justice of the European Union (CJEU) decision in Case C-311/18 Data Protection Commissioner v Facebook Ireland Limited, Maximillian Schrems (Schrems II). This judgement invalidated the EU-US Privacy Shield Framework but upheld the use of standard contractual clauses (SCCs). However, one caveat is that organisations would have to perform a case-by-case assessment on the application of the SCCs and implement ‘supplementary measures’ to compensate for the lack of data protection in the third country, where necessary. Regrettably, the CJEU missed the opportunity to specify what exactly these ‘supplementary measures’ could be. To fill this gap, the European Data Protection Board (EDPB) adopted guidelines on the measures that supplement transfer tools to ensure compliance with the EU level of protection of personal data. In addition, on June 4th, 2021 the European Commission issued new SCCs which replaced the previous SCCs that were adopted under the previous Data Protection Directive 95/46. These new developments have raised the bar for data protection in international data transfers. In this article, we analyse the current regulatory framework for cross-border transfers of EU personal data and examine the practical considerations of the emerging post-Schrems II legal landscape. 

scholarly journals Compatibility of the EU and Georgian Personal Data Protection Regimes and Data Transfer

Law and World ◽  
2021 ◽  
Vol 7 (5) ◽  
pp. 40-46
Keyword(s):  
European Union ◽  
Data Protection ◽  
Data Transfer ◽  
Personal Data ◽  
Data System ◽  
Protection System ◽  
The European Union ◽  
Great Opportunity ◽  
Association Agreement ◽  
Personal Data Protection

The work discusses Personal Data Protection system under the European Union law, also Personal Data Protection in Georgia and the compatibility of those two regimes. Moreover, there were men- tioned ways how Georgia can adopt regulations and harmonize its legislation, to be compatible with the European Union Personal Data Protection regime. The work emphasized efforts of Georgia on the path of developing its Personal Data Protection system. The many citizens of Georgia don’t even have a knowledge that their Personal Data has to be defended. Although, the court practice of Georgia revealed good developing signs in this field. If before there were not any cases concerning personal data protection, today we have some good decisions regarding the personal data protection. The data transfer between the European Union and Georgia, is also implemented in the Association Agreement between the European Union and Georgia. Here as well has to be mentioned that the Association Agreement was the greatest step for Georgia, it was the great opportunity to harmonize Georgian Personal Data system with a European. Step by step, Georgia is straining to become a member of the European Union. Thus, this work is a look through past and future of Georgian and EU relations in the field of Personal Data system.

scholarly journals Analyzing Remote Server Locations for Personal Data Transfers in Mobile Apps

2017 ◽  
Vol 2017 (1) ◽  
pp. 118-131 ◽  
Author(s):  
Mojtaba Eskandari ◽  
Bruno Kessler ◽  
Maqsood Ahmad ◽  
Anderson Santana de Oliveira ◽  
Bruno Crispo
Keyword(s):  
Mobile Devices ◽  
Data Protection ◽  
High Speed ◽  
Data Transfer ◽  
Mobile Apps ◽  
Personal Data ◽  
Analysis Tool ◽  
The European Union ◽  
Wide Range ◽  
Almost All

Abstract The prevalence of mobile devices and their capability to access high speed internet has transformed them into a portable pocket cloud interface. Being home to a wide range of users’ personal data, mobile devices often use cloud servers for storage and processing. The sensitivity of a user’s personal data demands adequate level of protection at the back-end servers. In this regard, the European Union Data Protection regulations (e.g., article 25.1) impose restriction on the locations of European users’ personal data transfer. The matter of concern, however, is the enforcement of such regulations. The first step in this regard is to analyze mobile apps and identify the location of servers to which personal data is transferred. To this end, we design and implement an app analysis tool, PDTLoc (Personal Data Transfer Location Analyzer), to detect violation of the mentioned regulations. We analyze 1, 498 most popular apps in the EEA using PDTLoc to investigate the data recipient server locations. We found that 16.5% (242) of these apps transfer users’ personal data to servers located at places outside Europe without being under the control of a data protection framework. Moreover, we inspect the privacy policies of the apps revealing that 51% of these apps do not provide any privacy policy while almost all of them contact the servers hosted outside Europe.

Regulation of International Data Transfers in Clouds

2021 ◽  
pp. 340-381
Author(s):  
Ulrich Wuermeling ◽  
Isabella Oldani
Keyword(s):  
Data Transfer ◽  
Personal Data ◽  
Cloud Provider ◽  
European Economic Area ◽  
The European Union ◽  
General Data Protection Regulation ◽  
Number Of Factors ◽  
International Data ◽  
Data Transfers ◽  
International Data Transfers

This chapter studies the regulation of international data transfers in clouds. The General Data Protection Regulation (GDPR) stipulates that any transfer of personal data from the European Union (EU) (as well as other European Economic Area (EEA) countries) to a third country or an international organisation is subject to restrictions to ensure that the level of protection provided by the GDPR is not undermined. The GDPR requires either adequate protection or appropriate safeguards for transfers of personal data to third countries. When assessing a data transfer to a third country, a number of factors must be considered. First, it is necessary to establish whether the processing of personal data falls within the scope of the GDPR. Second, the GDPR may apply either to the cloud provider or its customer, or to both. Third, it is necessary to establish when a 'transfer' of personal data from an EU Member State to a third country is taking place and how the protection of the data can be ensured. Fourth, in some circumstances, there may be an exception to the requirement to ensure continued protection following a data transfer.

The Crisis of Privacy and Sacrifice of Personal Data in the Name of National Security

2019 ◽  
pp. 109-126
Author(s):  
Irena Nesterova
Keyword(s):  
National Security ◽  
Data Protection ◽  
Data Transfer ◽  
Personal Data ◽  
The European Union ◽  
Data Retention ◽  
Privacy And Security ◽  
The Public ◽  
Mass Surveillance ◽  
Proper Balance

Edward Snowden’s surveillance revelations in 2013 raised the issue of privacy and security in the public spotlight. These revelations underlined the need for a strong data protection framework. At the same time, the pressing demand to address security concerns and the threat of terrorist attacks might weaken privacy and data protection standards. Two landmark judgments of the Court of Justice of the European Union, namely the Digital rights Ireland judgment (which invalidates the Data Retention Directive) and the Schrems judgment (which invalidates the Safe Harbour Decision forming a legal basis for transatlantic data transfers) are of great significance in strengthening the rights to privacy and data protection in the context of digital mass surveillance. They continue to have far-reaching implications for EU and national data retention mechanisms, as well on the cross-border data transfer framework. Through the lens of the CJEU, the chapter reveals the key challenges that data protection law faces both at national and EU level that have to be addressed in response to mass surveillance in order to maintain a proper balance between privacy and national security.

scholarly journals EUROPEAN UNION DATA PROTECTION LAW AND MEDIA EXPRESSION: FUNDAMENTALLY OFF BALANCE

2016 ◽  
Vol 65 (1) ◽  
pp. 139-183 ◽  
Author(s):  
David Erdos
Keyword(s):  
Data Protection ◽  
Personal Data ◽  
Fundamental Rights ◽  
Sensitive Information ◽  
European Economic Area ◽  
Systematic Analysis ◽  
Criminal Convictions ◽  
European Data ◽  
Data Protection Directive ◽  
Fundamental Rights And Freedoms

AbstractThe European Data Protection Directive 95/46/EC requires all European Economic Area (EEA) jurisdictions to provide an equivalent regime protecting the privacy and other fundamental rights and freedoms of natural persons in relation to personal data processing, whilst also shielding media expression from the default substantive requirements as necessary to ensure a balance between fundamental rights. Through a comprehensive coding of the derogations set out in each jurisdiction's data protection laws, this article provides the first systematic analysis of whether this has in fact been achieved. It is demonstrated that there is a total lack of even minimal harmonization in this area, with many laws providing for patently unbalanced results especially as regards the publication of sensitive information, which includes criminal convictions and political opinion, and the collection of information without notice direct from the data subject. This reality radically undermines European data protection's twin purposes of ensuring the free flow of personal data and protecting fundamental rights, an outcome which remains largely unaddressed by the proposed new Data Protection Regulation. Practical suggestions are put forward to ameliorate these troubling inconsistencies within the current process of reform.

scholarly journals La regulación del flujo de datos personales entre la Unión Europea y el Reino Unido tras el Brexit = The regulation of the flow of personal data between the European Union and the United Kingdom after Brexit

2020 ◽  
Vol 12 (1) ◽  
pp. 231
Author(s):  
Ana Gascón Marcén
Keyword(s):  
European Union ◽  
United Kingdom ◽  
Data Protection ◽  
Personal Data ◽  
European Economic Area ◽  
The European Union ◽  
European Economic ◽  
Personal Data Protection ◽  
The United Kingdom ◽  
Economic Area

Resumen: El objetivo de este trabajo es considerar qué ocurrirá cuando Reino Unido se convierta en un país tercero para la Unión Europea y cómo afectará esto a la libre circulación de datos personales que existía antes de su salida del mercado único digital. Se prestará especial atención al análisis de los mecanismos que permitirían continuar transfiriendo datos desde el Espacio Económico Europeo al Reino Unido y, en particular, la posibilidad de una decisión de adecuación y los problemas que puede encontrar.Palabras clave: protección de datos personales, Brexit, decisión de adecuación, Unión Europea, Reino Unido. Abstract: The objective of this paper is to consider what will happen when the United Kingdom becomes a third State for the European Union and how this will affect the free movement of personal data that existed before its exit from the digital single market. Special attention will be paid to the analysis of the mechanisms that would allow the transfer of data from the European Economic Area to the United Kingdom and, in particular, the possibility of an adequacy decision and the problems it may encounter.Keywords: personal data protection, Brexit, adequacy decision, European Union, United Kingdom

Legislative discourse of digital governance: a corpus-driven comparative study of laws in the European Union and China

2021 ◽  
Vol 0 (0) ◽  
Author(s):  
Siyue Li ◽  
Chunyu Kit
Keyword(s):  
European Union ◽  
Data Protection ◽  
Data Security ◽  
Personal Data ◽  
The European Union ◽  
Data Governance ◽  
Personal Data Protection ◽  
Cross Border ◽  
Digital Governance ◽  
The Eu

Abstract Based on the self-compiled corpora of the European Union and Chinese laws on data governance, this study adopts a corpus-driven approach to comparatively study the legislative design of the EU and China on digital governance, especially on key issues such as data protection, data processing and utilization, and cross-border data transfer. It is found through corpus analysis that the EU has developed a relatively comprehensive data protection system, which internally focuses on the protection of individual data rights and externally sets high standards on the cross-border transfer of data. Despite the data protection paradigm as it manifests, the EU is facing new challenges on data exportation, data jurisdiction in the competitive digital marketplace. Shared the same concern on the data protection legislation, Chinese data law has made significant progress in personal data protection with the nascent enactment of Data Security Law and Personal Data Protection Law. Notably, Chinese legislation features the hierarchal taxonomy of data under the principle of the national security exception, while it requires more legislative skills, flexible response mechanisms, and more subordinate laws to prevent future data security threats. Moreover, the corpus-driven method conducted in this study provides evidential insights for the comparative legal textual studies across jurisdictions.

scholarly journals Is Data Localization a Solution for Schrems II?

2020 ◽  
Vol 23 (3) ◽  
pp. 771-784
Author(s):  
Anupam Chander
Keyword(s):  
European Union ◽  
Data Protection ◽  
Data Transfer ◽  
Personal Data ◽  
The European Union ◽  
Personal Privacy ◽  
Court Of Justice ◽  
The Usa

ABSTRACT For the second time this decade, the Court of Justice of the European Union has struck a blow against the principal mechanisms for personal data transfer to the USA. In Data Protection Commissioner v Facebook Ireland, Maximillian Schrems, the Court declared the European Union-US Privacy Shield invalid and placed significant hurdles to the process of transferring personal data from the European Union to the USA via the mechanism of Standard Contractual Clauses. Many have begun to suggest data localization as the solution to the problem of data transfer; that is, do not transfer the data at all. I argue that data localization neither solves the problem of foreign surveillance, nor enhances personal privacy, while undermining other values embraced by the European Union.

Sign in / Sign up

Export Citation Format

Share Document