Skip to main content Accessibility help
×
Home
Hostname: page-component-8bbf57454-9wdfl Total loading time: 0.843 Render date: 2022-01-24T11:06:04.657Z Has data issue: true Feature Flags: { "shouldUseShareProductTool": true, "shouldUseHypothesis": true, "isUnsiloEnabled": true, "metricsAbstractViews": false, "figures": true, "newCiteModal": false, "newCitedByModal": true, "newEcommerce": true, "newUsageEvents": true }

22 - Flagrant Denial of Data Protection: Redefining the Adequacy Requirement

from PART III - ALTERNATIVE APPROACHES TO THE PROTECTION OF PRIVACY

Published online by Cambridge University Press:  29 September 2018

Get access

Summary

POINT OF DEPARTURE

Given the reality of the ‘information society’ worldwide, this is an arena in which we must play the game and we have to recognize that others may make the rules. 1

The author of this quote is George B Trubow, well-known US privacy and information law expert, describing the US position in 1992, a time during which EU institutions were draft ing Directive 95/46/EC The latter introduced the adequacy requirement obliging non-Member States to have an adequate level of data protection, without which no personal data exchange with the EU was allowed Trubow recognised that the US data protection system would not pass this adequacy test, in particular regarding the purpose limitation principle known in the US as the secondary use limitation, or function creep.

Aft er the entry into force of the EU's first legal instrument on data protection, Directive 95/46/EC – on the protection of personal data processed for activities within the scope of Community law, largely corresponding with commercial activities – the adequacy requirement was copied into the Council of Europe's 2001 Additional Protocol to the Data Protection Convention (2001 Additional Protocol) Later it was also copied into EU Framework Decision 2008/977/JHA on data protection in criminal matters (2008 Framework Decision) This means that both EU and Council of Europe (CoE) Member States may have to assess the adequate level of data protection of a third state requesting for personal data The term ‘Member States’ will in this contribution thus refer to EU or CoE Member States For the sake of argument, abstraction is made of the fact that the adequacy requirement is not applied for all data transfers and that not all CoE Member States have ratified the 2001 Additional Protocol This chapter focuses on the (need for an) adequacy rule itself, and not its application.

The adequacy requirement has given rise to a variety of issues in the EU Oft en these concerned issues related to inconsistencies in application Most recently the adequacy requirement was questioned by Austrian national Maximillian Schrems in his complaint against the Irish Data Protection Authority regarding Facebook's transfer of personal data from the EU to its US-based servers.

Type
Chapter
Information
Publisher: Intersentia
Print publication year: 2017

Access options

Get access to the full version of this content by using one of the access options below. (Log in options will check for institutional or personal access. Content may require purchase if you do not have access.)

Send book to Kindle

To send this book to your Kindle, first ensure no-reply@cambridge.org is added to your Approved Personal Document E-mail List under your Personal Document Settings on the Manage Your Content and Devices page of your Amazon account. Then enter the ‘name’ part of your Kindle email address below. Find out more about sending to your Kindle.

Note you can select to send to either the @free.kindle.com or @kindle.com variations. ‘@free.kindle.com’ emails are free but can only be sent to your device when it is connected to wi-fi. ‘@kindle.com’ emails can be delivered even when you are not connected to wi-fi, but note that service fees apply.

Find out more about the Kindle Personal Document Service.

Available formats
×

Send book to Dropbox

To send content items to your account, please confirm that you agree to abide by our usage policies. If this is the first time you use this feature, you will be asked to authorise Cambridge Core to connect with your account. Find out more about sending content to Dropbox.

Available formats
×

Send book to Google Drive

To send content items to your account, please confirm that you agree to abide by our usage policies. If this is the first time you use this feature, you will be asked to authorise Cambridge Core to connect with your account. Find out more about sending content to Google Drive.

Available formats
×