Just before Christmas the European Commission formally recognised the adequacy of
personal data protection in New Zealand, opening the way for increased
trade with the European Union. The NZ Office of the Privacy Commissioner (OPC) has been working for more than 10 years towards this outcome.
The EU’s 1995 Data Protection Directive states that personal data can be transferred to countries outside the EU
and the European Economic Area only when an adequate level of protection is guaranteed.
The Media Release announcing New Zealand adequacy listed other countries recognised by the EU as providing adequate protection:
Andorra, Argentina, Australia, Canada, Switzerland, Faeroe Islands, Guernsey, Israel, Isle of Man, Jersey and Uruguay and the United States’ Safe Harbor scheme
Australia?
For years it's been said here there had been no ruling, that the EU had not
granted Australia ‘adequacy status’ nor stated that Australia’s privacy
regime was
inadequate.
Maybe simply too much Ho, Ho, Ho at this time of the year in Brussels?
There is no reference to recognition of Australian adequacy on the OAIC website.
While changes to the Privacy Act in 2004 and some of the recent amendments (still a long way from coming into force in May 2014) may have helped the cause, inadequacies cited in the ALRC 2008 report that have not been addressed include the small
business and employee records
exemptions
and, in the context of cross-border data flows, the development and
publication of a list of laws and binding schemes that effectively
uphold principles for
the fair handling of personal information.
Elsewhere in EU published material is this reference to an agreement between the EU and Australia on the processing and transfer of European Union-sourced passenger name
record (PNR) data by air carriers to the Australian Customs Service.
But no published opinion about the adequacy of Australia's privacy law along the lines of that issued for New Zealand and others.
No comments:
Post a Comment