The Office for Personal Data Protection


International


Find


Important links

 

Path: Home Page > Main menu > Transferring personal data abroad

 

Review of cases of personal data transfer abroad, which are not subject to an office permit

 
 
 

  1. Transfers of personal data pursuant to Article 27(1) of Act No. 101/2000 Coll. – pursuant to that provision, free movement of personal data shall not be restricted as long as the information is transferred to a member state of the European Union (Austria, Belgium, Bulgaria, Cyprus, Denmark, Estonia, Finland, France, Germany, Greece, Hungary, Ireland, Italy, Latvia, Lithuania, Luxembourg, Malta, Nederland, Poland, Portugal, Romania, Slovakia, Slovenia, Spain, Sweden, Great Britain).

  2. The first group of transfers of personal data pursuant to Article 27(2) of Act No. 101/2000 Coll. – pursuant to that provision, personal data may be transferred to third countries (i.e., outside the European Union) as long as the prohibition of restriction of the free movement of personal data is ensuing from an international treaty the ratification of which has been approved by the Parliament and which is binding the Czech Republic. In particular, this provision shall apply to those countries, which have ratified the Convention for the protection of individuals with regard to automatic processing of personal data (Council of Europe, ETS 108, 1981) and whose legislations thus guarantee sufficient protection of personal data in keeping with all requirements of the Directive of the European Parliament and of the Council 95/46/EC (and thus also of Act No. 101/2000 Coll.). Currently they are the following countries: Albania, Bosnia and Herzegovina, Montenegro, Georgia, Croatia, Iceland, Liechtenstein, Macedonia, Norway, Serbia, Switzerland.

  3. The second group of transfers of personal data pursuant to Article 27(2) of Act No. 101/2000 Coll. – in keeping with Article 27(2), personal data may be transferred to third countries subject to a decision of an institution of the European Union. Currently, they are the following decisions:

    1. Commission Decision of 20 December 2001 pursuant to Directive of the European Parliament and of the Council 95/46/EC on the adequate protection of personal data provided by the Canadian Personal Information Protection and Electronic Documents Act.

    2. Commission Decision of 30 June 2003 pursuant to Directive of the European Parliament and of the Council 95/46/EC on the on the adequate protection of personal data in Argentina.

    3. Commission Decision of 21 November 2003 on the adequate protection of personal data in Guernsey.

    4. Commission Decision of 26 July 2000 pursuant to Directive of the European Parliament and of the Council 95/46/EC on the adequacy of the protection provided by the safe harbour privacy principles and related frequently asked questions issued by the US Department of Commerce – "Safe Harbor".

    5. Commission Decision of 28 April 2004 on the adequate protection of personal data in the Isle of Man.

    6. Commission Decision of 15 June 2001 on standard contractual clauses for the transfer of personal data to third countries, under Directive 95/46/EC.

    7. Commission Decision of 27 December 2001 on standard contractual clauses for the transfer of personal data to processors established in third countries, under Directive 95/46/EC.

    8. Commission Decision of 27 December 2004, amending Decision 2001/497/EC, as regards the introduction of an alternative set of standard contractual clauses for the transfer of personal data to third countries.

Note:

The Commission Decisions relating to Argentina, Guernsey and the Isle of Man mean in practice that it is absolutely not necessary to seek the Office’s permit pursuant to Article 27 of Act No. 101/2000 Coll., in transferring personal data because the legislative protection in those countries or territories has been adequate. On the other hand, in case of the United States ("Safe Harbor") and data of air passengers) and of Canada, it is necessary to review whether they are cases covered by the relevant Commission Decision – it is recommended to consult with the Office. The incorporation of the latest two Commission Decisions, which relate to standard contractual clauses means that no Office permits need to be sought in cases of contractual coverage between the local subject transferring personal data to a third country and the foreign "importer" of such personal data, as long as the contract contains standard contractual clauses fully in line with the relevant Commission Decision; in case of any contractual solutions, which differs in any manner from the standard contractual clauses, Article 27(3)(b) of Act No. 101/2000 Coll. applies and it is necessary to seek the permit from the Office, so that it can review adequacy of such contractual arrangements and meet its notification duty towards the European Commission in keeping with Art. 26(3) of Directive 95/46/EC.

 

Context

Placing: Document folders > Site map > Main menu > Transferring personal data abroad > Review of cases of personal data transfer abroad, which are not subject to an office permit

Display up to date documents | document archive | documents including archive

 
 

Mode No graphics is currently switched on. Therefore you see the web page with no decorative graphics as well as any advanced formatting. If your browser supports CSS2, you can switch a graphic mode on.


Copyright © 2013 The Office for Personal Data Protection. All rights reserved.
web & design , editorial system