Navigation path

Home

Commission decisions on the adequacy of the protection of personal data in third countries RSS

The Council and the European Parliament have given the Commission the power to determine, on the basis of Article 25(6) of Directive 95/46/EC whether a third country ensures an adequate level of protection by reason of its domestic law or of the international commitments it has entered into. The adoption of a (comitology) Commission decision based on Article 25.6 of the Directive involves:

  • a proposal from the Commission;
  • an opinion by Member States' data protection authorities and the EDPS (European Data Protection Supervisor), in the framework of the Article 29 Working Party Choose translations of the previous link  ;
  • an approval from the "Article 31 Committee", composed of representatives of Member States, under the comitology "examination procedure";
  • the adoption of the decision by the College of Commissioners;
  • at any time, the European Parliament and the Council may request the Commission to maintain, amend or withdraw the adequacy decision on the grounds that its act exceeds the implementing powers provided for in the Directive.

The effect of such a decision is that personal data can flow from the 28 EU countries and three EEA member countries (Norway, Liechtenstein and Iceland) to that third country without any further safeguard being necessary.

The Commission has so far recognized Andorra, Argentina, Canada (commercial organisations), Faeroe Islands, Guernsey, Israel, Isle of Man, Jersey, New Zealand, Switzerland, Uruguay and the US Department of Commerce's Safe Harbour Privacy Principles as providing adequate protection.

These adequacy decisions do not cover data exchanges in the law enforcement sector. For special arrangements concerning exchanges of data in this field, see the PNR (Passenger Name Record) and TFTP (Terrorist Financing Tracking Programme) agreements Choose translations of the previous link .

AD - Andorra

  • 2010/625/EU: Commission Decision of 19 October 2010 pursuant to Directive 95/46/EC of the European Parliament and of the Council on the adequate protection of personal data in Andorra (notified under document C(2010) 7084) Text with EEA relevance.
  • Opinion 7/2009pdf Choose translations of the previous link  of the Article 29 Working Party on the level of protection of personal data in the Principality of Andorra.

Top

AR - Argentina

  • 2003/490/EC: Commission Decision of 30 June 2003 pursuant to Directive 95/46/EC of the European Parliament and of the Council on the adequate protection of personal data in Argentina
  • Opinion 4/2002pdf Choose translations of the previous link  of the Article 29 Working Party on the level of protection of personal data in Argentina

Top

CA - Canada

  • SEC(2006) 1520pdf Choose translations of the previous link : Commission Staff Working Document: The application of Commission Decision 2002/2/EC of 20 December 2001 pursuant to Directive 95/46/EC of the European Parliament and of the Council on the adequate protection of personal data provided by the Canadian Personal Information Protection and Electronic Documentation Act
  • Frequently asked questions Choose translations of the previous link  on the Commission's adequacy finding on the Canadian Personal Information Protection and Electronic Documents Act (March 2002)
  • 2002/2/EC: Commission Decision of 20 December 2001 pursuant to Directive 95/46/EC of the European Parliament and of the Council on the adequate protection of personal data provided by the Canadian Personal Information Protection and Electronic Documents Act (notified under document number C(2001) 4539)
  • Opinion 2/2001pdf of the Article 29 Data Protection Working Party on the adequacy of the Canadian Personal Information and Electronic Documents Act

Top

CH - Switzerland

  • SEC (2004) 1322pdf Choose translations of the previous link : Commission Staff Working Document: The application of Commission Decision 2000/518/EC of 26 July 2000 pursuant to Directive 95/46/EC of the European Parliament and of the Council on the adequate protection of personal data provided in Switzerland
  • 2000/518/EC: Commission Decision of 26 July 2000 pursuant to Directive 95/46/EC of the European Parliament and of the Council on the adequate protection of personal data provided in Switzerland (notified under document number C(2000) 2304)
  • Opinion 5/99pdf of the Article 29 Data Protection Working Party on the level of protection of personal data in Switzerland

Top

FO - Faeroe Islands

  • 2010/146/EU: Commission Decision of 5 March 2010 pursuant to Directive 95/46/EC of the European Parliament and of the Council on the adequate protection provided by the Faeroese Act on processing of personal data (notified under document C(2010) 1130)
  • Opinion 9/2007pdf Choose translations of the previous link  of the Article 29 Data Protection Working Party on the level of data protection in the Faeroe Islands

Top

GG - Guernsey

  • 2003/821/EC: Commission Decision of 21 November 2003 on the adequate protection of personal data in Guernsey (Text with EEA relevance) (notified under document number C(2003) 4309)
  • Opinion 5/2003pdf Choose translations of the previous link  of the Article 29 Working Party  on the level of data protection in Guernsey

Top

IL - State of Israel

  • 2011/61/EU: Commission Decision of 31 January 2011 pursuant to Directive 95/46/EC of the European Parliament and of the Council on the adequate protection of personal data by the State of Israel with regard to automated processing of personal data (notified under document C(2011) 332)
  • Opinion 6/2009pdf Choose translations of the previous link  of the Article 29 Working Party on the level of protection of personal data in the State of Israel

Top

IM - Isle of Man

  • 2004/411/EC: Commission Decision of 28 April 2004 on the adequate protection of personal data in the Isle of Man
  • Opinion 6/2003pdf Choose translations of the previous link  of the Article 29 Working Party on the level of protection of personal data in the Isle of Man

Top

JE - Jersey

  • 2008/393/EC: Commission Decision of 8 May 2008 pursuant to Directive 95/46/EC of the European Parliament and of the Council on the adequate protection of personal data in Jersey (notified under document number C(2008) 1746)
  • Opinion 8/2007pdf Choose translations of the previous link  of the Article 29 Working Party on the level of protection of personal data in Jersey

Top

NZ - New Zealand

  • 2013/65/EU: Commission Implementing Decision of 19 December 2012 pursuant to Directive 95/46/EC of the European Parliament and of the Council on the adequate protection of personal data by New Zealand (notified under document C(2012) 9557)
  • Opinion 11/2011 pdf (101 kB) Choose translations of the previous link  of the Article 29 Working Party on the level of protection of personal data in New Zealand

Top

US - United States - Safe Harbour

  • COM/2013/0847: Communication from the Commission to the European Parliament and the Council on the Functioning of the Safe Harbour from the Perspective of EU Citizens and Companies Established in the EU
  • SEC (2004) 1323pdf Choose translations of the previous link : Commission Staff Working Document - The implementation of Commission Decision 520/2000/EC on the adequate protection of personal data provided by the Safe Harbour privacy Principles and related Frequently Asked Questions issued by the US Department of Commerce 20.10.2004
  • SEC(2002) 196pdf Choose translations of the previous link : Commission Staff Working Paper - The application of Commission Decision 520/2000/EC of 26 July 2000 pursuant to Directive 95/46 of the European Parliament and of the Council on the adequate protection of personal data provided by the Safe Harbour Privacy Principles and related Frequently Asked Questions issued by the US Department of Commerce 14.02.2002
  • 2000/520/EC: Commission Decision of 26 July 2000 pursuant to Directive 95/46/EC of the European Parliament and of the Council on the adequacy of the protection provided by the safe harbour privacy principles and related frequently asked questions issued by the US Department of Commerce (notified under document number C(2000) 2441)
  • Corrigendum
  • A5- 0177/2000pdf Choose translations of the previous link : European Parliament Report on the Draft Commission Decision on the adequacy of the protection provided by the Safe Harbour Privacy Principles (C5-0280/2000 –2000/2144(COS))
  • Opinion 4/2000pdf Choose translations of the previous link  of the Article 29 Working Party on the level of protection provided by the "Safe Harbor Principles"
  • Opinion 3/2000pdf Choose translations of the previous link  of the Article 29 Working Party on the EU/US dialogue concerning the "Safe harbor" arrangement
  • Opinion 7/99pdf Choose translations of the previous link  of the Article 29 Working Party on the Level of Data Protection provided by the "Safe Harbor" Principles as published together with the Frequently Asked Questions (FAQs) and other related documents on 15 and 16 November 1999 by the US Department of Commerce
  • 5075/99/EN/finalpdf: Working document on the current state of play of the ongoing discussions between the European Commission and the United States Government concerning the "International Safe Harbor Principles"
  • Opinion 4/99pdf Choose translations of the previous link  of the Article 29 Working Party on the Frequently Asked Questions to be issued by the US Department of Commerce in relation to the proposed "Safe Harbor Principles" on the Adequacy of the "International Safe Harbor Principles"
  • Opinion 2/99pdf Choose translations of the previous link  of the Article 29 Working Party on the Adequacy of the "International Safe Harbor Principles" issued by the US Department of Commerce on 19th April 1999
  • Opinion 1/99pdf Choose translations of the previous link  of the Article 29 Working Party concerning the level of data protection in the United States and the ongoing discussions between the European Commission and the United States Government

EU data protection panel

The data protection panel is an informal body created under the Safe Harbour framework, which, among others, is competent for investigating and resolving complaints lodged by individuals for alleged infringement of the Safe Harbour.
The data protection panel is composed of representatives of various EU data protection authorities. A full list of the data protection authorities that are members of the panel is available at: http://forum.europa.eu.int/Public/irc/secureida/safeharbor/home

Address for complaints: European Commission, Directorate General Justice, Directorate C (Fundamental Rights and Union Citizenship) of the European Commission, Data Protection Panel, B-1049 Brussels, Belgium, Telephone: (32-2) 299 11 11, Fax: (32-2) 298.80.94, email: ec-dppanel-secr@ec.europa.eu

For more information:

Top

UY - Eastern Republic of Uruguay

  • 2012/484/EU: Commission Implementing Decision of 21 August 2012 pursuant to Directive 95/46/EC of the European Parliament and of the Council on the adequate protection of personal data by the Eastern Republic of Uruguay with regard to automated processing of personal data (notified under document C(2012) 5704)
  • Opinion 6/2010pdf(87 kB) Choose translations of the previous link  of the Article 29 Working Party on the level of protection of personal data in the Eastern Republic of Uruguay