During the plenary session of June, the European Data Protection Board has adopted recommendations on guarantees for the integration of transfers instruments, after a public consultation. Recommendations will help data controller and processors in identify and detect adequate guarantees for different situations in order to guarantee a personal data protection level equal for personal data transferred to third countries and international organizations as in the EEA.
Recommendations were applied since November 2020 and were integrated based on the comments received during the consultation.
The new version of the recommendations underlines in particular that, in their assessment case by case, exporters of data shall keep in mind that is part of the legislation of the third country that practices of public authorities in this country and assess if the affect or not the effectiveness of the personal data protection pursuant to article 46.
Among other things, recommendations will help the Commission in the assessment of new Standard Contractual Clauses on international transfers, which shall keep in mind the impact of the legislation and the local practices on the respect of these SCC.
The assessment will determine if it is necessary to implement additional guarantees.
In all the cases, it could not be possible to adopt adequate guarantees. In this case, the transfers of data towards a third country shall not be started or the transfers shall be stopped.
Recommendations include also the possibility for the data exporter to keep in mind, that among other things and except some reserves, of the practical experience of the importer of data with practices of third countries. In addition, it has been added a new clarification that the efficiency of the way of transmission can be affected by the legislation of the third country, which permit to public authorities to have the access to data which have been to share during the transmission.
The recommendations were published on the website of the EDPB:
edpb_recommendations_202001vo.2.0_supplementarymeasurestransferstools_en (2)SOURCE: AUTORITA’ PER LA PROTEZIONE DEI DATI DELLA FINLANDIA