European Commission: Justice

• Criminal Justice
  • Mutual assistance
  • European arrest warrant
  • Mutual recognition
  • Eurojust
  • Judicial network
  • Economic and financial offences
  • Victims’ rights
  • Training network
  • Environmental crime
  • Terrorism
  • Defence rights
• Civil matters-judicial cooperation
  • Alternative methods (conflict resolution)
  • Crime victims compensation
  • Legal aid
  • Judicial network
  • Evidence taking
  • Documents service
  • Mutual recognition
  • Parental responsibility
  • Applicable law
  • Insolvency
• Anti-drugs policy
  • EU Drugs Strategy
  • Synthetic drugs
  • Demand reduction
  • Supply reduction
  • Information, Evaluation, Research
  • International Cooperation
  • Civil Society
• Children
  • Forum
• Contract law and consumer rights
• Fundamental rights
  • Treaties
  • Charter
  • Discrimination
• Data protection
  • Legislation
    • The law
    • Implementation of the Directive
    • Status of implementation of Directive 95/46/EC
  • Review of the Data Protection Legal Framework
  • International Transfers
    • Adequacy of the protection of personal data in third countries
    • Model contracts for the transfer of personal data to third countries
    • FAQs relating to international transfers of personal data to third countries
    • Binding Corporate Rules (BCRs)
  • Art.29 Data Protection Working Party
  • Data Protection Authorities
    • EDPS
    • National Data Protection Commissioners
  • National Policy Documents
  • International instruments
  • Studies
  • Useful links
• EU citizenship
  • Movement and residence
  • Politics
  • Complaints
  • Consular protection
• Tackling discrimination
  • Your rights and obligations
    • Implementation and enforcement
    • Case law
    • National equality bodies
  • Networks of experts
  • support for organisations
  • The business case for diversity
    • Diversity Charters
  • Raising awareness
    • National information
  • Projects in your country
  • Studies, research & evaluation
  • The European Union and Roma
    • Roma Summits
    • Platform for Roma inclusion
    • Funding and projects
    • Research & studies
    • Civil society & international developments
  • People with disabilities
    • Access City Award
      • About the awards
      • Participation rules
      • How to apply
    • The EU Disability Action Plan
    • EU Parking card
    • UN Convention
    • Legislation
• Gender equality
  • Gender pay gap
    • Which are the causes?
    • What is the EU doing?
    • How is it measured?
    • The situation in the EU
    • How to tackle the problem?
    • Action at national level: examples
    • Campaign material
    • Organisations to contact in your country
    • Gender pay gap calculator
      • Gender pay gap calculator Employer
      • Gender pay gap calculator Employee
  • European Institute for Gender Equality
  • Exchange of good practices
  • Your rights and obligations
    • Implementation and enforcement
    • Case law
    • Network of legal experts
    • National equality bodies
  • Gender mainstreaming
  • Strategy 2010-2015
  • Networks of experts
  • Gender balance in Decision-Making
    • Database: women & men in decision making
      • Politics
      • Public administration
      • Judiciary
      • Business and finance
      • Social partners and NGOs
      • Background data
  • Statistics and Indicators
• Justice relations with third countries
  • Partners
    • USA
    • Canada
    • Russia
    • Brazil
    • China and India
    • Africa
    • Central Asia
  • Neighbourhood
    • Mediterranean
    • Eastern
    • Southern Caucuses
    • Black Sea
  • Enlargement
    • Candidate
    • Potential
  • Organisations
    • United Nations
    • Council of Europe

Commission decisions on the adequacy of the protection of personal data in third countries

---

---

Overview

The Council and the European Parliament have given the Commission the power to determine, on the basis of Article 25(6) of directive 95/46/EC whether a third country ensures an adequate level of protection by reason of its domestic law or of the international commitments it has entered into. The adoption of a (comitology) Commission decision based on Article 25.6 of the Directive involves:

• A proposal from the Commission,
• an opinion of the group of the national data protection commissioners (Article 29 working party)
• An opinion of the Article 31 Management committee delivered by a qualified majority of Member States.
• A thirty-day right of scrutiny for the European Parliament, to check if the Commission has used its executing powers correctly. The EP may, if it considers it appropriate, issue a recommendation.
• The adoption of the decision by the College of Commissioners.

The effect of such a decision is that personal data can flow from the 27 EU member states and three EEA member countries (Norway, Liechtenstein and Iceland) to that third country without any further safeguard being necessary. The Commission has so far recognized Switzerland, Canada, Argentina, Guernsey, Isle of Man, the US Department of Commerce's Safe harbor Privacy Principles, and the transfer of Air Passenger Name Record to the United States' Bureau of Customs and Border Protection as providing adequate protection.

---

Third countries

AD - Andorra

• Commission Decision C(2010) 7084 of 19 October 2010 - OJ L 277/27, 21.10.2010
  
• Opinion 7/2009 on the level of protection of personal data in the Principality of Andorra

AR - Argentina

• Commission Decision C(2003) 1731 of 30 June 2003 - OJ L 168, 5.7.2003
  
• Opinion 4/2002 of the Art. 29 Working Party

AU - Australia

• Council Decision 2008/651/CFSP/JHA of 30 June 2008 on the signing, on behalf of the European Union, of an Agreement between the European Union and Australia on the processing and transfer of European Union-sourced passenger name record (PNR) data by air carriers to the Australian Customs Service; OJ L213 of 08/08/2008, p.47-48
  
  Html version
• AGREEMENT between the European Union and Australia on the processing and transfer of European Union sourced passenger name record (PNR) data by air carriers to the Australian customs service; OJ L213 of 08/08/2008, p.49-57
  
  Html version

CA - Canada

• COMMISSION STAFF WORKING DOCUMENT: The application of Commission Decision 2002/2/EC of 20 December 2001 pursuant to Directive 95/46/EC of the European Parliament and of the Council on the adequate protection of personal data provided by the Canadian Personal Information Protection and Electronic Documentation Act
  
• COUNCIL DECISION of 18 July 2005 on the conclusion of an Agreement between the European Community and the Government of Canada on the processing of API/PNR data
  
• COMMISSION DECISION of 6 September 2005 on the adequate protection of personal data contained in the Passenger Name Record of air passengers transferred to the Canada Border Services Agency
  
• Opinion 1/2005 on the level of protection ensured in Canada for the transmission of Passenger Name Record and Advance Passenger Information from airlines (19.1.2005)
• Opinion 3/2004 on the level of protection ensured in Canada for the transmission of Passenger Name Records and Advanced Passenger Information from airlines (11.2.2004)
• Frequently Asked Questions on the Commission's adequacy finding on the Canadian Personal Information Protection and Electronic Documents Act (March 2002)
• Commission Decision 2002/2/EC of 20.12.2001 on the adequate protection of personal data provided by the Canadian Personal Information Protection and Electronic Documents Act - O.J. L 2/13 of 4.1.2002
• Opinion 2/2001 of the Art. 29 Data Protection Working Party

CH - Switzerland

• Report on the application of Commission Decision 2000/518/EC of 26 July 2000 pursuant to Directive 95/46/EC
• Commission Decision 2000/518/EC of 26.7.2000 - O. J. L 215/1 of 25.8.2000
• Opinion 5/99 of the Art. 29 Data Protection Working Party

FO - Faeroe Islands

• Commission Decision of 5 March 2010 pursuant to Directive 95/46/EC of the European Parliament and of the Council on the adequate protection provided by the Faeroese Act on processing of personal data (notified under document C(2010) 1130) - OJ L58, 09.03.2010, p.17-19

GG - Guernsey

• Commission Decision of 21 November 2003 on the adequate protection of personal data in Guernsey - OJ L 308, 25.11.2003
• Opinion 5/2003 of the Art. 29 Working Party

IL - State of Israel

• COMMISSION DECISION 2011/61/EU of 31 January 2011 pursuant to Directive 95/46/EC of the European Parliament and of the Council on the adequate protection of personal data by the State of Israel with regard to automated processing of personal data (notified under document C(2011) 332), OJ L 27, 1 February 2011, p. 39
  http://eur-lex.europa.eu/JOHtml.do?uri=OJ:L:2011:027:SOM:EN:HTML
• Opinion 6/2009 on the level of protection of personal data in Israel of the Art. 29 WP

IM - Isle of Man

• Commission Decision 2004/411/EC of 28.4.2004 on the adequate protection of personal data in the Isle of Man
  See page 48
  Other linguistic versions: see Official Journal L151

JE - Jersey

• Commission Decision of 8 May 2008 pursuant to Directive 95/46/EC of the European Parliament and of the Council on the adequate protection of personal data in Jersey (notified under document number C(2008) 1746) - OJ L 138, 28.05.2008

US - United States - Transfer of Air Passenger Name Record (PNR) Data

• Council Decision 2007/551/CFSP/JHA of 23 July 2007 on the signing, on behalf of the European Union, of an Agreement between the European Union and the United States of America on the processing and transfer of Passenger Name Record (PNR) data by air carriers to the United States Department of Homeland Security (DHS) (2007 PNR Agreement)
• Agreement between the European Union and the United States of America on the processing and transfer of Passenger Name Record (PNR) data by air carriers to the United States Department of Homeland Security (DHS) (2007 PNR Agreement)
  Signed in Brussels, 23 July 2007 and in Washington, 26 July 2007
• Agreement between the European Union and the United States of America on the processing and transfer of passenger name record (PNR) data by air carriers to the United States Department of Homeland Security
  Signed in Washington on 19.10.2006
  • Letter from the 'US Department of Homeland Security' (PNR interpretations)
  • Reply by the Council Presidency and the Commission to the letter from the USA's Department of Homeland Security
  • Council decision 2006/729/CFSP/JHA
• Commission Staff Working Paper on the Joint Review of the implementation by the U.S. Bureau of Customs and Border Protection of the Undertakings set out in Commission Decision 2004/535/EC of 14 May 2004 (Redacted version - 2005)
• European Court of Justice judgment on Passenger Name Records: The court annuls the council decision concerning the conclusion of an agreement between the European Community and the United States of America on the processing and transfer of personal data and the Commission decision on the adequate protection of those data
• Opinion 8/2004 on the information for passengers concerning the transfer of PNR data on flights between the European Union and the United States of America (30.9.2004)
• Agreement between the European Community and the United States of America on the processing and transfer of PNR data by air carriers to the United States Department of Homeland Security, Bureau of Customs and Border Protection
  Signed in Washington on 28.5.2004
• Council Decision of 17 May 2004 on the conclusion of an Agreement between the European Community and the United States of America on the processing and transfer of PNR data by Air Carriers to the United States Department of Homeland Security, Bureau of Customs and Border Protection (2004/496/EC)
• Commission Decision of 14 May on the adequate protection of personal data contained in the Passenger Name Record of air passengers transferred to the United States' Bureau of Customs and Border Protection
• Commission secures guarantees for protecting personal data of transatlantic air passengers (17.5.2004)
• Opinion 2/2004 on the Adequate Protection of Personal Data Contained in the PNR of Air Passengers to Be Transferred to the United States' Bureau of Customs and Border Protection (US CBP) (2.2.2004)
• Letter from Commissioner Bolkestein to US Secretary Tom Ridge, Department of Homeland Security, 18.12.2003
• Communication from the Commission to the Council and the Parliament of 16.12.2003
  
• Speech by Commissioner Bolkestein of 16.12.2003

US - United States - Safe Harbor

• Letter from United States Department of the Treasury regarding SWIFT/Terrorist Finance Tracking Programme, 28 June 2007, OJ C 166, 20.07.2007
• Processing of EU originating Personal Data by United States Treasury Department for Counter Terrorism Purposes — ‘SWIFT’, OJ C 166, 20.07.2007
• Reply from European Union to United States Treasury Department — SWIFT/Terrorist Finance Tracking Programme
• Statement issued by the French delegation on the occasion of the Council Decision authorising the Presidency to sign the draft reply to the letter from the US Secretary of the Treasury regarding access to SWIFT data
• Information about the EU Data protection Panel established under the Safe Harbour Decision and standard complaint forms
  • Information about the EU Data protection Panel
  • Standard complaint form
• Commission Staff Working Document - The implementation of Commission Decision 520/2000/EC on the adequate protection of personal data provided by the Safe Harbour privacy Principles and related Frequently Asked Questions issued by the US Department of Commerce
  SEC(2004)1323
• The application of Commission Decision 520/2000/EC of 26 July 2000 pursuant to Directive 95/46 of the European Parliament and of the Council on the adequate protection of personal data provided by the Safe Harbour Privacy Principles and related Frequently Asked Questions issued by the US Department of Commerce 14.02.2002
  
• Commission Decision 2000/520/EC of 26.7.2000 - O. J. L 215/7 of 25.8.2000
  • Corrigendum
  • Decision
• Report on the Draft Commission Decision from the European Parliament
• Opinion 4/2000 on the level of protection provided by the "Safe Harbor Principles"
• Opinion 3/2000 on the EU/US dialogue concerning the "Safe harbor" arrangement
• Opinion 7/99 on the Level of Data Protection provided by the "Safe Harbor" Principles as published together with the Frequently Asked Questions (FAQs) and other related documents on 15 and 16 November 1999 by the US Department of Commerce
• Working document on the current state of play of the ongoing discussions between the european Commission and the United States Government concerning the "International Safe Harbor Principles"
• Opinion 4/99 on the Frequently Asked Questions to be issued by the US Department of Commerce in relation to the proposed "Safe Harbor Principles"on the Adequacy of the "International Safe Harbor Principles"
• Opinion 2/99 on the Adequacy of the "International Safe Harbor Principles" issued by the US Department of Commerce on 19th April 1999
• Opinion 1/99 concerning the level of data protection in the United States and the ongoing discussions between the European Commission and the United States Government

---

Press releases