• Courses
      • Global Series of National Privacy Laws
      • Nederlandse Privacy Academie
    • Resources
    • Join GADPPRO ACADEMY
      • Join GADPPRO Academy as an Official Partner
      • Become an Official GADPPRO Training Entity
      • Join the GADPPRO Business Academy
      • Secretariat & International Training Centre
      • Contact Us
    •  
      • RegisterLog in
    Privacad GADPPRO Academy
      • Courses
        • Global Series of National Privacy Laws
        • Nederlandse Privacy Academie
      • Resources
      • Join GADPPRO ACADEMY
        • Join GADPPRO Academy as an Official Partner
        • Become an Official GADPPRO Training Entity
        • Join the GADPPRO Business Academy
        • Secretariat & International Training Centre
        • Contact Us
      •  
        • RegisterLog in

      Blog

      Guidelines 2/2020 on articles 46 (2) (a) and 46 (3) (b) of Regulation 2016/679 for transfers of personal data between EEA and non-EEA public authorities and bodies

      • Categories Blog, Business, Design / Branding, Free Data Protection Resources, Uncategorized
      • Date October 7, 2020

      Guidelines 2/2020 on articles 46 (2) (a) and 46 (3) (b) of Regulation 2016/679 for transfers of personal data between EEA and non-EEA public authorities and bodies

      Section 2.8  Supervision mechanisms

      51. In order to make sure that all obligations created under the international agreement are fulfilled, the international agreement should provide for independent supervision monitoring the proper application of the agreement and interferences with the rights provided under the agreement.

      52. First, the agreement should provide for internal supervision ensuring compliance with the agreement. Each party to the agreement should conduct periodic internal checks of the procedures put in place and of the effective application of the safeguards provided in the agreement. Moreover, it could be provided that a party to the agreement can also request from another party to the agreement to conduct such a review. Each party conducting a review should communicate the results of the checks to the other party(ies) to the agreement. Ideally, such communication should also be made to the independent oversight mechanism governing the agreement.

      53. More generally, the agreement should require that parties respond to inquiries from the other party concerning the effective implementation of the safeguards in the agreement and inform the other party without delay if they are unable to effectively implement the safeguards in the agreement for any reason. For this case the international agreement should foresee the possibility for the transferring public body to suspend or terminate the transfer of personal data under the international agreement to the receiving public body until such time as the receiving public body informs the transferring public body that it is again able to act consistent with the safeguards. The transferring body should notify the suspension or termination to the competentnational SA.

      54. Secondly, the agreement must provide for independent supervision in charge of ensuring that the parties comply with the provisions set out in the agreement. This follows directly from the Charter of Fundamental Rights of the European Union (EU Charter) and the European Convention of Human Rights (ECHR) as well as the corresponding case law.

      55. The Court of Justice of the European Union (ECJ), has, since 2015, reiterated the necessity of having an independent redress and supervision mechanism. Likewise, the European Court of Human Rights (ECtHR) has frequently highlighted in its rulings that any interference with the right to respect for private life as enshrined in Article 8 ECHR needs to be subject to an effective, independent and impartial oversight system.

      56. The agreement could, for example, invoke oversight by a competent supervisory authority, if there is one in the country of the public body receiving the EEA personal data, even if the GDPR does not specify that the competent supervisory authority needs to be the external oversight body.

      57. In the absence of a supervisory authority specifically in charge with the supervision of data protection law in the third country or at the international organisation, the need for an independent, effective and impartial supervisory oversight mechanism needs to be fulfilled by other means. The type of independent supervision mechanism put in place may depend on the case at hand.

      58. The agreement could, for example, refer to existing oversight bodies in the third country other than a supervisory authority in the area of data protection. In addition, if no external independent oversight can be ensured from a structural or institutional point of view, e.g. for certain international organisations, oversight could be guaranteed through functionally autonomous mechanisms. The latter should be a body that, while not external itself, carries out its functions independently, i.e. free from instructions, with sufficient human, technical and financial resources, etc. Moreover, the agreement could include the voluntary commitment of the receiving party to cooperate with the EEA SAs.

      • Share:
      author avatar
      Richard V

      Previous post

      Guidelines 2/2020 on articles 46 (2) (a) and 46 (3) (b) of Regulation 2016/679 for transfers of personal data between EEA and non-EEA public authorities and bodies
      October 7, 2020

      Next post

      Guidelines 2/2020 on articles 46 (2) (a) and 46 (3) (b) of Regulation 2016/679 for transfers of personal data between EEA and non-EEA public authorities and bodies
      October 7, 2020

      You may also like

      Children Safety Encryption www.privacad.com
      Apple’s New Step to Protect Child Abuse via Encryption Feature
      20 August, 2021
      DNA Technology and Privacy www.privacad.com
      DNA Technology Regulation Bill and Violation of Privacy for Minority Groups
      19 August, 2021
      www.privacad.com
      India accuses Twitter of not complying with new IT rules
      18 August, 2021

      Search

      Categories

      • Blog
      • Business
      • Design / Branding
      • Free Data Protection Resources
      • Nederlandse Privacy Academie
      • Uncategorized
      Facebook-f Linkedin-in

      © Privacad 2020

      For all your questions about courses

      students@privacad.com

      For all your questions about Privacad for business

      info@privacad.com

      Links

      • Courses
      • Become a GADPPRO Academy Official Training Entity
      • Resources
      • Free Data Protection Resources
      • Blog
      • Profile
      • Students Stewards Network (SSN)

      Support

      • Privacy Policy
      • Terms of Use
      • FAQs
      • Contact

      © GADPPRO Academy | Privacad 2022

      GADPPRO Academy 2022

      Login with your site account

      Lost your password?

      Not a member yet? Register now

      Register a new account

      Are you a member? Login now