JISCMail - DATA-PROTECTION Archives

Dear Clare

Spain passed a data protection law compliant with its directive
requirements in 1999 (Law 15/99).  I agree you cannot route data through
countries to avoid higher level of restrictions (it would still be the
source data controller who then transfers the data out of the EEA).  I
believe Spain does not allow the data controller itself to make an
assessment as to adequacy of the protection in the destination country
(as does the UK and some other member states) and so it seems as if you
are left with the option of having the US entity join Safe Harbor or
sign up to a model contract or possibly even Binding Corporate Rules. 

Renzo 


Renzo Marchini 
Dechert LLP 
+44 (0) 20 7184 7563 direct 
+44 (0) 20 7184 7001 fax 
[log in to unmask]
www.dechert.com


-----Original Message-----
From: This list is for those interested in Data Protection issues
[mailto:[log in to unmask]] On Behalf Of Clare Watts
Sent: 29 August 2007 14:31
To: [log in to unmask]
Subject: [data-protection] Transfer of data outside EEA via another EU
country

Dear list members,


I have a doosey for you.

The theory is:  I would like to arrange a one off transfer to a seperate

legal entity, (but part of our company "group") a selection personal
data 
(name only) to perform a processing function for us.  The company is
based 
in the US.  We have the appropriate intercompany agreements in place.

We can do this with UK data and in addition, we already have customer 
consent.

I have asked if we can do this with some Spanish data.  The response is 
that we can, but because Spain does not adopt EU directive until
December 
2007, they do not have the protection of this and therefore the data
must 
be sent via the UK first to then be transferred outside of the EEA via
the 
UK and thus avoid Spanish requirements.

Now I have had this before, where people believe that if you transfer
data 
within Europe, to the country with the weakest interpretation of the 
appropriate part of the Directive, you can send it outside the EEA
without 
adherence to the law of the country of origin, but I just don't buy it.

If it was that simple, surely we'd all be doing that?

My worry is that I am sure I have read in the directive that the law of 
the country of origin must be followed, (i.e. not the country that the 
data is finally transfered from.)

In addition, has anyone heard of Spain NOT yet adopting the EU
directive?  
I thought all member states had to adopt it some time ago?

Any comments or advice will be gratefully received.


Clare

^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
     All archives of messages are stored permanently and are
      available to the world wide web community at large at
      http://www.jiscmail.ac.uk/lists/data-protection.html
     If you wish to leave this list please send the command
       leave data-protection to [log in to unmask]
All user commands can be found at
http://www.jiscmail.ac.uk/help/commandref.htm
 Any queries about sending or receiving messages please send to the list
owner
              [log in to unmask]
  Full help Desk - please email [log in to unmask] describing your
needs
        To receive these emails in HTML format send the command:
         SET data-protection HTML to [log in to unmask]
   (all commands go to [log in to unmask] not the list please)
    ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^


  
 This e-mail is from Dechert LLP, a law firm, and may contain information that is confidential or privileged. If you are not the intended recipient, please delete the e-mail and any attachments, and notify the sender. Dechert LLP is a limited liability partnership registered in England & Wales (Registered No. OC306029) and is regulated by the Solicitors Regulation Authority. A list of names of the members of Dechert LLP (who are solicitors or registered foreign lawyers) is available for inspection at its registered office, 160 Queen Victoria Street, London EC4V 4QQ.

^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
     All archives of messages are stored permanently and are
      available to the world wide web community at large at
      http://www.jiscmail.ac.uk/lists/data-protection.html
     If you wish to leave this list please send the command
       leave data-protection to [log in to unmask]
All user commands can be found at http://www.jiscmail.ac.uk/help/commandref.htm
 Any queries about sending or receiving messages please send to the list owner
              [log in to unmask]
  Full help Desk - please email [log in to unmask] describing your needs
        To receive these emails in HTML format send the command:
         SET data-protection HTML to [log in to unmask]
   (all commands go to [log in to unmask] not the list please)
    ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^