DIGITALEUROPE’S INPUT ON INTERNATIONAL DATA TRANSFERS UNDER THE GDPR (FABLAB CONFERENCE)
On 18 October 2017, the Article 29 Working Party (WP29) organized its regular FabLab event on the General Data Protection Regulation (GDPR). The event had two sessions (1) on the international data transfers and (2) on transparency under the GDPR.
DIGITALEUROPE responds to the questionnaire sent to stakeholders ahead of the international data transfers session, raising few key aspects for further consideration:
Chapter V “Transfers of personal data to third countries or international organisations” could benefit from further clarification and simplification of the rules;
Adequacy decisions should focus on the outcome rather than the content; hence, couldn’t be solely based on GDPR;
EU diplomatic toolbox should be used to (1) strengthen the slow progress of the development of international norms and (2) address the wide-ranging powers on national intelligence agencies;
Access mechanisms differ from transfer mechanisms;
Certification methodology needs to be both agile and robust, and it should certify a minimum set of requirements for a Privacy Program. It should also leverage international experience around certification.
DIGITALEUROPE supports the efforts to increase the dialogue with stakeholders throughout the GDPR implementation process.