Recital 90*

Go to related Article 44

Commission proposal

 (90) Some third countries enact laws, regulations and other legislative instruments which purport to directly regulate data processing activities of natural and legal persons under the jurisdiction of the Member States. The extraterritorial application of these laws, regulations and other legislative instruments may be in breach of international law and may impede the attainment of the protection of individuals guaranteed in the Union by this Regulation. Transfers should only be allowed where the conditions of this Regulation for a transfer to third countries are met. This may inter alia be the case where the disclosure is necessary for an important ground of public interest recognized in Union law or in a Member State law to which the controller is subject. The conditions under which an important ground of public interest exists should be further specified by the Commission in a delegated act.

EDRi’s Proposed amendment

(90) Some third countries enact laws, regulations and other legislative instruments which purport to directly regulate data processing activities of natural and legal persons under the jurisdiction of the Member States. The extraterritorial application of these laws, regulations and other legislative instruments may must, by default, be considered to be in breach of international law and may impede the attainment of the protection of individuals guaranteed in the Union by this Regulation. Transfers should only be allowed where the conditions of this Regulation for a transfer to third countries are met. This may inter alia be the case where the disclosure is necessary for an important ground of public interest recognised in Union law or in a Member State law to which the controller is subject. The conditions under which an important ground of public interest exists should be further specified by the Commission in a delegated act. The existence of legislation which would, even theoretically, permit extra-territorial access to European citizens’ data will be considered, on its own and regardless of the application of legislation, be considered as grounds to revoke recognition of adequacy of the data protection regime of that country or any equivalent bilateral arrangement.

Justification
It is logically impossible to consider that a country which has active legislation that could undermine European citizens’ rights could be simultaneously capable of having legislation in place that could abuse personal data hosted in Europe and be considered to have “adequate” data protection for European data hosted in that jurisdiction. See also the newly proposed Article 44a.

  • eu logo The launch and upkeep (until December 31, 2013) of this website received financial support from the EU's Fundamental Rights and Citizenship Programme.
%d bloggers like this: