Share

Technology and Privacy – News about international transfers of personal data

Technology and Privacy – News about international transfers of personal data

By Josefina Piñeiro and Mateo Darget.

Summary: In this article, we comment on the different developments that have emerged in recent months regarding international transfers of personal data.

In recent months, two important developments have occurred regarding international transfers of personal data. On the one hand, US President Joe Biden signed the Executive Order called “Privacy Shield 2.0”. On the other hand, the Ibero-American Data Protection Network (“Network”) released the Guide for the implementation of standard contractual clauses that can be used to validate international data transfers (“Guide”).

1) Agreement between U.S. and UE.

For several years disputes have been increasing as a result of revelations about cyber espionage by the United States (“US”) government. In 2020, the judgment of the Court of Justice of the European Union (“EU”) known as “Schrems II” was published, which generated important consequences for the processing and transfer of data in America. On that occasion, the Court declared invalid the “Privacy Shield”, an agreement between the US and the EU that enabled the cross-border transfer of data. In the ruling, it was considered that the US legislation did not provide guarantees in accordance with the EU requirements regarding the protection of personal data and therefore limited their possibility of data processing.

After many negotiations between US and EU to reach an agreement regarding the creation of a regulatory framework that enables the international transfer of personal data, Joe Biden signed the Executive Order known as “Privacy Shield 2.0”. Among the objectives of the agreement signed on October 7, 2022, the following stand out:

1. Require U.S. intelligence authorities to limit U.S. signals intelligence activities to what is necessary and proportionate.
2. Establish a redress mechanism to review qualifying complaints transmitted by the appropriate public authority in a qualifying state concerning United States signals intelligence activities for any covered violation of US law and, if necessary, appropriate reparation of damages.

2) The Network’s guide

On September 27, 2022, the final version of the Network’s Guide was published. It was presented in November 2021 in order to receive comments and observations from interested parties.

As we mentioned in a previous edition of BeNews (see here), the Guide regulates the use of standard contractual clauses (“SCC”) for the international transfer of personal data.

In Argentina, Law 25,326 establishes as a general principle the prohibition of the transfer of personal data of any kind with countries or international or supranational organizations that do not provide adequate levels of protection (section 12, subsection 1).

On the other hand, although in Latin America there are no SCC approved at the regional level, the Agency for Access to Public Information approved through Rule No. 60-E/2016 two SCC to be used in cases of international transfers of personal data that involves the transmission of information to data controllers or data processors.

Para más información contactarse con: jpineiro@ojambf.com y/o mdarget@ojambf.com.

Share post: