Bonn/Berlin, 19 February 2020
Press release 05/2020
The EDPB’s guidelines on international data transfers between public authorities
On 19 February, the European Data Protection Board (EDPB) adopted guidelines on international data transfers between public authorities and from public authorities to international organisations. The Board thus clarifies that governmental bodies must also secure their international data transfers.
The guidelines lay down specific safeguards for transfers of personal data by public authorities to partner authorities in third countries or to international organisations. The Federal Commissioner for Data Protection and Freedom of Information, Professor Ulrich Kelber, welcomed the agreement:
The Data Protection Directive did not provide for specific safeguards. Today, the EDPB makes it clear that data protection rules in international data transfers between public authorities must be legally binding and enforceable.
The outcome is balanced between strict data protection requirements and flexible implementation possibilities. The guidelines provide practical guidance as to how – on the basis of the GDPR - it is possible to allow data transfers to third countries with a different culture of public authorities and a different legal framework. These guidelines describe, for example, the necessary restrictions on a data transfer by authorities in third countries or the remedies available to data subjects. The Board also emphasizes that an independent body has to monitor the authorities’ compliance with their obligations.
Now, the guidelines can be commented upon, at first within the framework of a public consultation before being finally adopted by the EDPB. The next plenary session of the EDPB is scheduled for 19 March in Brussels.