g-docweb-display Portlet

Authorisation for the Transfer of Personal Data to Canada - 30 april 2003 [1670023]

Stampa Stampa Stampa
PDF Trasforma contenuto in PDF

[doc. web n. 1670023]

versione italiana

Authorisation for the Transfer of Personal Data to Canada - Provision no. 6 of 30 April 2003

Garante per la protezione dei dati personali

Prof. Stefano Rodotà, President, Prof. Giuseppe Santaniello, Vice-President, Prof. Gaetano Rasi and Mr. Mauro Paissan, Members, and Mr. Giovanni Buttarelli, Secretary General, having convened today,

Having regard to Article 25(1) and (2) of directive 95/46/EC of the European Parliament and of the Council of 24 October 1995, providing that personal data may be transferred to a country outside the European Union if the third country in question ensures an adequate level of protection, as set forth in paragraph 2 of the abovementioned Article,

Having regard to Article 25(6) of the abovementioned directive, providing that the European Commission may find that a third country ensures an adequate level of protection within the meaning of paragraph (2) above for the protection of the private lives and the rights and fundamental freedoms of individuals,

Having regard to the European Commissions Decision of 20 December 2001, no. 2002/2/EC as published on the Official Journal of the European Communities L2/13 of 4 January 2001, in which it is found that Canada ensures an adequate level of protection of the personal data transferred from the European Union to recipients subject to the Canadian Personal Information and Electronic Documents Protection Act ("the Canadian Act") of 13 April 2000,

Whereas Member States are required to take the necessary measures to comply with the Commissions Decision in pursuance of paragraph 6 of said Article 25 of the directive,

Having regard to Section 28 of Act no. 675 of 31 December 1996, as amended by Section 10 of legislative decree no. 467 of 28 December 2001, providing that the transfer of personal data to third countries may take place a) where the laws of the country of destination or transit ensure an adequate level of protection of individuals or, with respect to sensitive data or certain categories of judicial data, a level of protection that is equal to the one afforded by Italian laws, b) in the cases referred to in paragraph 4 of Article 28, or c) where it is authorised by the Garante on the basis of adequate safeguards for the data subjects rights, which may either result from contractual clauses or be specified by the European Commission in the decisions referred to in Article 25(6) and 26(4) of Directive 95/46/EC of the European Parliament and of the Council, of 24 October 1995 (paragraph 4, subheading g) ),

Whereas it is necessary to take the measures required to implement the Commissions Decision, as provided for by said Article 28(4), letter g),

Having regard to recital (5) in the Commissions Decision concerning the scope of application of the Canadian Act and the three stages envisaged for entry into force of the latter Act, as well as to recitals (6) and (7) concerning the subsequent passage of data protection legislation by Canadian provinces,

Whereas the Commissions Decision may be amended at any time in the light of experience with its implementation and/or changes in Canadian legislation, including measures recognising that a Canadian province has substantially similar legislation (see Article 4),

Having regard to Articles 2 and 3 in the Commissions Decision concerning controls and measures by data protection authorities of Member States on lawfulness and fairness of data transfers and data processing operations preceding said transfers, also in the light of the provisions made in Article 4 of Directive 95/46/EC on the national law applicable,

Whereas it is necessary to publicise further the abovementioned Decision by having it published on the Official Journal of the Italian Republic as an Annex to this authorisation,

Having regard to official records,

Having regard to the considerations made by the Secretary General on behalf of the authority, as required by Article 15 of the Garantes Regulations no. 1/2000,

Acting on the report submitted by Prof. Stefano Rodotà,

THE GARANTE HEREBY

1) authorises the transfer of personal data from the States territory to private sector organisations established in Canada, which are subject to the Canadian Personal Information and Electronic Documents Protection Act ("the Canadian Act") of 13 April 2000, in compliance with the European Commissions Decision no. 2002/2/EC of 20 December 2001,

2) reserves the right to perform the necessary controls on lawfulness and fairness of data transfers and processing operations preceding said transfers in pursuance of Community law, Act no. 675/1996 and Article 3 of the Commissions Decision, and to take action possibly by blocking or prohibiting the transfer,

3) orders that this authorisation and the Commissions Decision annexed hereto be sent to the Publishing Department at the Ministry of Justice for them to be published on the Official Journal of the Italian Republic.

Done in Rome, this 30th day of April 2003

The President
Rodotà

The Rapporteur
Rodotà

The Secretary General
Buttarelli