Honing in on the new rules for the transfer of personal data outside of the EEA

more+
less-

(LONDON) Although no major legislative milestones for the EU Data Protection Regulation have occurred since March 2014 (see status update here), there has been some progress over the late spring and early summer of 2014.  One key item that will be of interest to US companies is the Council’s compromise position on a key piece of the Regulation, the rules for the transfer of personal data to countries outside of the European Economic Area (EEA), published on May 28, 2014.  

The current mechanisms for legitimizing such transfers, including adequacy assessments, Binding Corporate Rules, model contracts, and express consent, are retained.  Also, an important “derogation” for infrequent, small transfers has been endorsed.

The Council’s full wording for the infrequent, small transfer derogation is as follows:

. . . the transfer, which is not large scale or frequent, is necessary for the purposes of legitimate interests pursued by the controller which are not overridden by the interests or rights and freedoms of the data subject and where the controller (…) has assessed all the circumstances surrounding the data transfer operation or the set of data transfer operations and (…) based on this assessment adduced suitable safeguards with respect to the protection of personal data.

This promises to be a useful tool for companies when a relatively small set of data needs to be transferred, particularly in circumstances (such as employee data) where the EU’s views on the validity of consent makes it difficult to rely on consent as a basis for the transfer.

Topics:  Data Protection, EU, EU Data Protection Laws

Published In: Consumer Protection Updates, Finance & Banking Updates, International Trade Updates, Privacy Updates, Science, Computers & Technology Updates

DISCLAIMER: Because of the generality of this update, the information provided herein may not be applicable in all situations and should not be acted upon without specific legal advice based on particular situations.

© Mintz Levin - Privacy & Security Matters | Attorney Advertising

Don't miss a thing! Build a custom news brief:

Read fresh new writing on compliance, cybersecurity, Dodd-Frank, whistleblowers, social media, hiring & firing, patent reform, the NLRB, Obamacare, the SEC…

…or whatever matters the most to you. Follow authors, firms, and topics on JD Supra.

Create your news brief now - it's free and easy »