CPDP (Computers, Privacy and Data Protection) 2017
EU Adequacy Status for International Data Transfers
According to EU data protection laws, countries only have blanket freedoms to receive and process personal data from the EU if they have been awarded an adequacy status by the Commission. Given the vital importance of data transfers between countries in the global economy, having such a status is a valuable asset, as other available legal means of transfer are more limited. India, for e.g. is said to be losing in excess of Euro 30 billion per year through lost trade with the EU, as it lacks such adequacy status. In the 20+ years since the data protection Directive was passed, only 11 states have been decided to be ‘adequate’ by the Commission – which include the US with its recently awarded Privacy Shield. The Commission methodology and procedures for granting adequacy to countries is increasingly under scrutiny – for e.g. a recent study found that the way it makes adequacy decisions for its trade partners could be accused of being obscure, inconsistent and without clear criteria or rules or timeframes. This also makes EU data protection laws vulnerable to challenge under world trade rules. This panel will address the following questions:
Questions to be considered:
- On what basis does the EU and the Commission make decisions on whom to grant adequacy status?
- In the light of the Schrems judgement defining adequacy as ‘essentially equivalent’, should all past decision be revised?
- Given that more than 100 countries now have general data protection laws, how should countries be chosen for adequacy judgements?
- What criteria and methodologies should be used to ensure all countries are treated equally, to ensure fundamental rights are equally upheld, and to avoid possible challenge under WTO rules?
- (New) What are your views on the EC proposal to facilitate international transfers of personal data, recently published?
Panel:
Chair: Jan Albrecht MEP
Panel:
Kristina Irion, Institute of Information Law (IVIR), University of Amsterdam:
Kristina is expert academic in both data protection and related trade issues, author of recent study ‘Trade and Privacy: complicated bedfellows’
Amber Sinha, Centre for Internet and Society (CIS), India
Amber is policy researcher specialising in privacy and big data ; CIS is an India NGO and partner organisation of Privacy International.
Daniel Cooper, Covington and Burling ;
Dan is partner at this global law firm, which advises both business and government clients round the world ; he leads the data protection practice in London
Bruno Gencarelli, European Commission DG Justice ;
Bruno is the head of the new DG Justice unit on data flows and data protection, and as such the Commission boss of adequacy
Veronica Perez-Asinari, European Data Protection Supervisor (EDPS).
Veronica is the EDPS head of unit for supervision and enforcement; she has also recently spent some months working with the Argentina DPA (Argentina has EU adequacy).
Moderator: Anna Fielder, Privacy International