Dear Clare
Spain passed a data protection law compliant with its directive
requirements in 1999 (Law 15/99). I agree you cannot route data through
countries to avoid higher level of restrictions (it would still be the
source data controller who then transfers the data out of the EEA). I
believe Spain does not allow the data controller itself to make an
assessment as to adequacy of the protection in the destination country
(as does the UK and some other member states) and so it seems as if you
are left with the option of having the US entity join Safe Harbor or
sign up to a model contract or possibly even Binding Corporate Rules.
Renzo
Renzo Marchini
Dechert LLP
+44 (0) 20 7184 7563 direct
+44 (0) 20 7184 7001 fax
[log in to unmask]
www.dechert.com
-----Original Message-----
From: This list is for those interested in Data Protection issues
[mailto:[log in to unmask]] On Behalf Of Clare Watts
Sent: 29 August 2007 14:31
To: [log in to unmask]
Subject: [data-protection] Transfer of data outside EEA via another EU
country
Dear list members,
I have a doosey for you.
The theory is: I would like to arrange a one off transfer to a seperate
legal entity, (but part of our company "group") a selection personal
data
(name only) to perform a processing function for us. The company is
based
in the US. We have the appropriate intercompany agreements in place.
We can do this with UK data and in addition, we already have customer
consent.
I have asked if we can do this with some Spanish data. The response is
that we can, but because Spain does not adopt EU directive until
December
2007, they do not have the protection of this and therefore the data
must
be sent via the UK first to then be transferred outside of the EEA via
the
UK and thus avoid Spanish requirements.
Now I have had this before, where people believe that if you transfer
data
within Europe, to the country with the weakest interpretation of the
appropriate part of the Directive, you can send it outside the EEA
without
adherence to the law of the country of origin, but I just don't buy it.
If it was that simple, surely we'd all be doing that?
My worry is that I am sure I have read in the directive that the law of
the country of origin must be followed, (i.e. not the country that the
data is finally transfered from.)
In addition, has anyone heard of Spain NOT yet adopting the EU
directive?
I thought all member states had to adopt it some time ago?
Any comments or advice will be gratefully received.
Clare
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
All archives of messages are stored permanently and are
available to the world wide web community at large at
http://www.jiscmail.ac.uk/lists/data-protection.html
If you wish to leave this list please send the command
leave data-protection to [log in to unmask]
All user commands can be found at
http://www.jiscmail.ac.uk/help/commandref.htm
Any queries about sending or receiving messages please send to the list
owner
[log in to unmask]
Full help Desk - please email [log in to unmask] describing your
needs
To receive these emails in HTML format send the command:
SET data-protection HTML to [log in to unmask]
(all commands go to [log in to unmask] not the list please)
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
This e-mail is from Dechert LLP, a law firm, and may contain information that is confidential or privileged. If you are not the intended recipient, please delete the e-mail and any attachments, and notify the sender. Dechert LLP is a limited liability partnership registered in England & Wales (Registered No. OC306029) and is regulated by the Solicitors Regulation Authority. A list of names of the members of Dechert LLP (who are solicitors or registered foreign lawyers) is available for inspection at its registered office, 160 Queen Victoria Street, London EC4V 4QQ.
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
All archives of messages are stored permanently and are
available to the world wide web community at large at
http://www.jiscmail.ac.uk/lists/data-protection.html
If you wish to leave this list please send the command
leave data-protection to [log in to unmask]
All user commands can be found at http://www.jiscmail.ac.uk/help/commandref.htm
Any queries about sending or receiving messages please send to the list owner
[log in to unmask]
Full help Desk - please email [log in to unmask] describing your needs
To receive these emails in HTML format send the command:
SET data-protection HTML to [log in to unmask]
(all commands go to [log in to unmask] not the list please)
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
|