Skip to main content Accessibility help
×
Hostname: page-component-78c5997874-xbtfd Total loading time: 0 Render date: 2024-11-18T10:28:20.685Z Has data issue: false hasContentIssue false

22 - Flagrant Denial of Data Protection: Redefining the Adequacy Requirement

from PART III - ALTERNATIVE APPROACHES TO THE PROTECTION OF PRIVACY

Published online by Cambridge University Press:  29 September 2018

Get access

Summary

POINT OF DEPARTURE

Given the reality of the ‘information society’ worldwide, this is an arena in which we must play the game and we have to recognize that others may make the rules. 1

The author of this quote is George B Trubow, well-known US privacy and information law expert, describing the US position in 1992, a time during which EU institutions were draft ing Directive 95/46/EC The latter introduced the adequacy requirement obliging non-Member States to have an adequate level of data protection, without which no personal data exchange with the EU was allowed Trubow recognised that the US data protection system would not pass this adequacy test, in particular regarding the purpose limitation principle known in the US as the secondary use limitation, or function creep.

Aft er the entry into force of the EU's first legal instrument on data protection, Directive 95/46/EC – on the protection of personal data processed for activities within the scope of Community law, largely corresponding with commercial activities – the adequacy requirement was copied into the Council of Europe's 2001 Additional Protocol to the Data Protection Convention (2001 Additional Protocol) Later it was also copied into EU Framework Decision 2008/977/JHA on data protection in criminal matters (2008 Framework Decision) This means that both EU and Council of Europe (CoE) Member States may have to assess the adequate level of data protection of a third state requesting for personal data The term ‘Member States’ will in this contribution thus refer to EU or CoE Member States For the sake of argument, abstraction is made of the fact that the adequacy requirement is not applied for all data transfers and that not all CoE Member States have ratified the 2001 Additional Protocol This chapter focuses on the (need for an) adequacy rule itself, and not its application.

The adequacy requirement has given rise to a variety of issues in the EU Oft en these concerned issues related to inconsistencies in application Most recently the adequacy requirement was questioned by Austrian national Maximillian Schrems in his complaint against the Irish Data Protection Authority regarding Facebook's transfer of personal data from the EU to its US-based servers.

Type
Chapter

Access options

Get access to the full version of this content by using one of the access options below. (Log in options will check for institutional or personal access. Content may require purchase if you do not have access.)

Save book to Kindle

To save this book to your Kindle, first ensure coreplatform@cambridge.org is added to your Approved Personal Document E-mail List under your Personal Document Settings on the Manage Your Content and Devices page of your Amazon account. Then enter the ‘name’ part of your Kindle email address below. Find out more about saving to your Kindle.

Note you can select to save to either the @free.kindle.com or @kindle.com variations. ‘@free.kindle.com’ emails are free but can only be saved to your device when it is connected to wi-fi. ‘@kindle.com’ emails can be delivered even when you are not connected to wi-fi, but note that service fees apply.

Find out more about the Kindle Personal Document Service.

Available formats
×

Save book to Dropbox

To save content items to your account, please confirm that you agree to abide by our usage policies. If this is the first time you use this feature, you will be asked to authorise Cambridge Core to connect with your account. Find out more about saving content to Dropbox.

Available formats
×

Save book to Google Drive

To save content items to your account, please confirm that you agree to abide by our usage policies. If this is the first time you use this feature, you will be asked to authorise Cambridge Core to connect with your account. Find out more about saving content to Google Drive.

Available formats
×