In its communication published yesterday, January 10, 2017, the European Commission announced it will proactively engage in discussions on reaching “adequacy decisions” with key trading partners in East and South-East Asia, starting with Japan and Korea in 2017. Adequacy decisions allow the free flow of personal data from European Union (EU) to countries with adequate or “essentially equivalent” data protection rules to those in the EU.
Besides East and South-East Asia also will open discussion with interested countries of Latin America and the Europe.?Also,?Commission states that it can now adopt adequacy decisions for the law enforcement sector, particular territory of a third country or a specific sector or industry within a third country.
Italian Data Protection Authority (Garante per la protezione dei dati personali) has authorized the transfer of personal data to the US under the Privacy Shield so recognizing?it provides?adequate level of protection of personal data. However, Italian?Data Protection Authority has reserved the right to further monitor and review the adequacy of data transfer scheme.
EU Parliament on December 1, 2016 voted to back the EU-US Umbrella Agreement on data protection in exchanges for law enforcement purposes.?Agreement covers the transfer of all personal data exchanged between the EU and US regarding?criminal offences.
The deal is to?ensure high, binding data protection standards in the?data exchanged.?The Agreement itself is not a?legal basis for data transfers, but protects those data that are already exchanged legally, says?Parliament’s lead MEP Jan Philipp Albrecht.
Umbrella?Agreement?will ensure citizens in?both in EU and US?have equal rights to:
– be informed in the event of data security breaches,
– have inaccurate information corrected and
– judicial redress at court.
The Agreement also sets limits on onward transfers of data and retention periods.
On 18 November 2016, the Argentinian data protection authority published Regulation 60 ? E/2016 on international transfers of personal data that?complements Argentina?s Data Protection Law, which like European Union law prohibits transfers to countries that do not provide adequate levels of protection. Regulation introduces two model contracts for international data transfers to countries that do not provide adequate levels of protection – one one is for?use for transfers by data controllers to data controllers, and?the other -?for transfers to data processors.
When contracts other than model contracts are used for an international data transfer, it will be required within 30 days to?notify data protection authority.
Recently United Nations Conference on Trade and Development (UNCTAD?) published a report?on privacy and personal data protection law, trans-border data flow and their implications on international trade and development. The in-depth and substantive report also places a focus on developing nations.
This study is a timely contribution to our understanding of how data protection regulations and international data fl ows affect international trade. It reviews the experience in different parts of the world and of different stakeholders. The study identifi es key concerns that data protection and privacy legislation need to address. It also examines the present patchwork of global, regional and national frameworks to seek common ground and identify areas where different approaches tend to diverge. The last part of the study considers possible future policy options, taking the concerns of all stakeholders into account.