Transferring Data Outside Europe – A Quick Guide

Author:Ms Sarah Thompson
Profession:McGuireWoods LLP

The ongoing globalisation of business, and ever more accessible technology, allows personal data to be transferred anywhere in the world. Data protection laws allow such transfers to be made within the European Economic Area (EEA). However, transfers to countries outside the EEA are prohibited unless sufficient safeguards are put in place to protect the rights of the individuals to whom the data relates (data subjects).

The following highlights the ways in which personal data can be transferred outside the EEA:

It is transferred to a country approved by the European Commission as having an "adequate level of protection" (e.g., Australia and Canada). It is transferred to a U.S. company registered under the U.S. "safe harbor" programme. The safe harbor scheme is currently under negotiation at the EU level following the Snowden revelations about mass surveillance of EU citizens' personal data held by U.S. cloud computing providers. A decision of the European Court of Justice on the validity of the safe...

To continue reading