Guidelines 2/2020 on articles 46 (2) (a) and 46 (3) (b) of Regulation 2016/679 for transfers of personal data between EEA and non-EEA public authorities and bodies

Paragraph 2.4.1  Right to Transparency

27. Parties must ensure that the international agreement contains clear wording describing the transparency obligations of the parties.

28. Such obligations should include on the one hand, a general information notice with, as a minimum, information on how and why the public bodies may process and transfer personal data, the relevant tool used for the transfer, the entities to which such data may be transferred, the rights available to data subjects and applicable restrictions, available redress mechanismsand contact details for submitting a dispute or claim.

29. However, a general information notice on the website of the public body concerned will not suffice. Individual information to data subjects should be made by the transferring public body in accordance with the notification requirements of Articles13 and 14 GDPR. The international agreement can also provide for some exceptions to such individual information. These exceptions are limited and should be in line with the ones provided under Article 14 (5) GDPR.

30. In addition, the parties must commit to make the international agreement available to data subjects on request and to make the international agreement or the relevant provisions providing for appropriate safeguards publicly available ontheir website.