Subject: Personal data protection Directive
From: Barbara Schleihagen (Eblida@nblc.nl)
Date: pe 23 loka 1998 - 14:39:32 EEST
Dear All,
The Directive on the protection of personal data (95/46/EC) enters into
effect on 25 October 1998. The Directive will establish a regulatory
framework to ensure both a high level of protection for the privacy of
individuals in all Member States and the free movement of personal data
within the European Union. By minimising differences between Member States'
data protection rules, the Directive will facilitate the development of
electronic commerce. The Directive also establishes rules to ensure that
personal data is only transferred to countries outside the EU when its
continued protection is guaranteed, so as to ensure the high standards
of protection introduced by the Directive within the EU are not undermined.
European Commissioner for the Single Market, Mario Monti, is disappointed
that some Member States are lagging behind on implementing the Directive in
national law, and will not hesitate to open infringement procedures against
them. He stresses that the Directive will be applicable from 25 October.
In most European countries, personal data protection is a constitutional
principle and the right to privacy is enshrined in the European Convention
on Human Rights (Article 8). However, until now, differences between
national data protection laws have resulted in obstacles to transfers of
personal data between Member States. The Directive therefore lays down
common rules, to be observed by those who collect, hold or transmit
personal data as part of their economic or administrative activities or in
the course of the activities of their association. There is an obligation
to collect and process personal data only for specified, explicit and
legitimate purposes, and to ensure that such data is relevant, accurate and
up-to-date.
Data flows to non-EU countries
For cases where data is transferred to non-EU countries, the Directive
includes provisions to prevent the EU rules from being circumvented. The
basic rule is that the data should only be transferred to a non-EU country
if it will be adequately protected there, although a practical system
of exemptions and special conditions also applies (such as for data where
the subject has given consent or which is necessary for performance of a
contract with the person concerned, to defend legal claims or to protect
vital interests (e.g. health) of the person concerned).
Such provisions are compatible with the General Agreement on Trade in
Services (GATS, Article XIV), which recognises the protection of personal
data as a legitimate reason for restricting the free movement of services.
The advantage for non-EU countries where adequate protection can be
provided is that the free flow of data from all 15 EU states will
henceforth be assured, whereas up to now each Member State has decided on
such questions separately.
The adequacy of data protection safeguards concerning transfers to non-EU
countries will be considered case by case. Adequacy will not necessarily
require a non-EU country to apply legislation similar to the EU's
Directive. Alternative systems, such as voluntary arrangements applied by
industry, or binding contractual clauses between the parties concerned by
the data
transfer, may be considered adequate if they are effectively applied and
offer sufficient safeguards concerning data subjects' rights, including
rights of redress.
The Commission is involved in on-going contacts with a number of non-EU
countries in order to explore ways of avoiding possible interruptions to
exchanges of personal data. The Article 31 Committee meets on 26 October to
consider the current state of play on these contacts.
Implementation
As of 23 October, Greece ,Portugal, Sweden, the United Kingdom and Italy
have implemented the Directive, although the latter three still need to
adopt some additional rules. Implementing laws are under consideration by
the Parliaments of all other Member States except Germany, France and
Luxembourg. In those Member States where the implementing legislation is
not yet in place, individuals will be entitled to invoke the Directive's
provisions before national courts, in accordance with the case law of the
Court of Justice (Marleasing case, C-106/89, 13.11.90). In addition,
individuals suffering damage as a result of a Member State's failure to
implement the Directive will be entitled to seek reparations before
national courts, under the terms of the Court of Justice's case law in the
Francovich case (C-6/90 and C-9/90, 19.11.91).
Additional relevant information is available on the Internet:
http://europa.eu.int/comm/dg15/en/media/dataprot/index.htm
(Source: RAPID, The Spokesman's Service of the European Commission, at:
http://europa.eu.int./rapid/start/welcome.htm)
Barbara Schleihagen
**********************************************************************
EBLIDA
Barbara Schleihagen, Director
Heidi Hogan, EU Policy Officer
P.O. Box 43300
NL-2504 AH The Hague
Tel: +31-70-309 06 08
Fax: +31-70-309 07 08
email: eblida@nblc.nl
http://www.kaapeli.fi/~eblida/
This archive was generated by hypermail 2a24 : to 25 huhti 2024 - 01:20:15 EEST