Agencia española de protección de datos

Protection of data in the world

The geographical distribution of countries with specific rules of data protection and with authorities responsible for ensuring their application is mixed. Europe is a continent where the protection of data has achieved a higher level and in almost all european countries can be found some of these elements and often both. North america is also a region where data protection, or more precisely, privacy, has achieved a high level of development. In recent years there have been significant progress in legislation and institutionalization in the field of data protection in Ibero-america and the Pacific and in some regions of Africa.

Countries with data protection authority

Normally, the existence of laws governing the processing of personal data is accompanied by the establishment of supervisory authorities responsible for the enforcement of those laws. In the european environment, the independence of these data protection authorities is considered an indispensable feature for an effective performance of their functions, but in other geographical areas that independence can be assessed or be implemented in different ways as happens in europe.

Here available a list of all countries of the world with the data protection authority recognised as such by the international conference of commissioners of data protection and Privacy. The status of member of the conference required the authorities a number of requirements, including independence in the exercise of its functions and the monitoring of specific rules of data protection. In some countries there are also subnational authorities territorial or sector. Similarly, a small number of countries have legislation but have not given the control of their application to specific authorities.

Countries with adequate level of protection

The concept of adequate level of protection or "adequacy" relates to data protection in the european union. Directive 95 / 46 prohibits the transfer of data to countries that do not have an adequate level of data protection and establishes a procedure for determining formally if a country provides that level of protection. In short, the decision rests with the commission, after consulting the group of article 29 and to a committee of representatives of the member states, which cherishes a number of elements such as the existence of data protection laws, the content of these laws and the practical operation of the system of protection of data. The group of article 29 Authorities adopted a Opinion those adequacy finding criteria.

The main consequence of a country is declared is appropriate for data may be transferred from the member states of the european union without any type of formality or special leave. To date, have been regarded as offering adequate protection:

  • Andorra
  • Argentina
  • Canada (private Sector)
  • Switzerland
  • Faroes
  • Guernsey
  • Israel
  • Isle of Man
  • Jersey
  • New Zealand
  • Uruguay

Entities providing adequate guarantees for data protection ("Privacy Shield")

The court of justice of the european union (ECJ) declared invalid the Commission decision 2000/520/ec establishing the appropriate level of protection of guarantees for international transfers of data to THE US offered by the agreement of Safe Harbour.

In july 2016 the Commission published the Decision 2016 / 1250 on the adequacy of the protection conferred by a new scheme known as "Privacy Shield UE-EE".

The european commission has published a Guide of the privacy Shield.