Processing data to Third Countries or International Organizations
Martina BOSSI
Abstract
The EU General Data Protection Regulation has specifically dealt with the transfer of data from the EU to Third Countries or to International Organizations.
It contains the core discipline of these peculiar data transfers. The EU has chosen to dedicate a whole Chapter to this matter because of the risks involved in these kinds of data processing and the sensitiveness of the transferred information. We would discuss which are the methods the GDPR prescribes to protect sensitive information in these cases.
Furthermore, we would analyzed the potential legal conflicts which may arise because of the primacy that the EU law grants to data protection, seeing it as a fundamental right, in respect of the international treaties which are applicable into a specific Third Country or into an IO. This may originate uncertainties regarding to which law should have precedence over the other - whether the GDPR or the International law – causing troubles to data controllers and data processor to safely carry out international data transfers.
Keywords
References
[1] European Union. (2016). EU Regulation 2016/679 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC. Official Journal of the European Union.
[2] European Commission. (2019). Adequacy decisions - How the EU determines if a non-EU country has an adequate level of data protection.
[3] European Commission. (2019). Commissioner for Justice, Consumers and Gender Equality, EU Japan Adequacy Decision - Fact sheet.
[4] U.S. Department of Commerce. (2016). EU-US Privacy Shield Framework.
[5] Chenaoui, H. (2018). Moroccan data protection law: Moving to align with EU data protection? https://iapp.org/news/a/moroccan-data-protection-law-moving-to-align-with-eu-data-protection/.
[6] Vollmer, N. (2021, July 2). Recital 108 EU General Data Protection Regulation (EU-GDPR). Privacy/Privazy according to plan. Nicholas Vollmer. https://www.privacy-regulation.eu/en/recital-108-GDPR.htm
[7] Recital 109 - Standard Data Protection Clauses. (2019, September 3). General Data Protection Regulation (GDPR). https://gdpr-info.eu/recitals/no-109/
[8] International Organization for Migration (IOM). (2010). Data protection Manual.
[9] Kuner, C. & Marelli, M. (2017). Handbook on Data Protection in Humanitarian Action.
[10] EUR-Lex - 52012PC0011 - EN - EUR-Lex. (n.d.). EUR-Lex. https://eur-lex.europa.eu/legal-content/en/TXT/?uri=CELEX%3A52012PC0011
[11] United Nations. Art. 103 of the UN Charter. https://www.un.org/en/sections/un-charter/un-charter-full-text/
[12] European Union. Art. 8 of the Charter of Fundamental Rights of the European Union. https://www.europarl.europa.eu/charter/pdf/text_en.pdf
[13] InfoCuria. Joined Cases C-402 & 415/05P, Kadi, 2008 ECR 1-6351. http://curia.europa.eu/juris/liste.jsf?num=C-402/05&language=en.
[14] InfoCuria. Case C-362/14, Maximilian Schrems vs Data Protection Commissioner. http://curia.europa.eu/juris/liste.jsf?num=C-362/14.
[15] European Data Protection Board. The Article 29 Working Party. https://edpb.europa.eu/our-work-tools/article-29-working-party_en.
[16] European Commission. Article 29 Working Party, “Adequacy referential” (updated). https://ec.europa.eu/newsroom/article29/item-detail.cfm?item_id=614108.
Submitted date:
03/12/2021
Reviewed date:
03/29/2021
Accepted date:
05/04/2021
Publication date:
03/29/2021