• Courses
      • Executive Management Courses
      • Global Series of National Privacy Laws
      • Netherlands Privacy Academy (in Dutch)
      • Caribbean Data Protection Academy
    • Resources
    • Join GADPPRO ACADEMY
      • Join GADPPRO Academy as an Official Partner
      • Become an Official GADPPRO Training Entity
      • Join the GADPPRO Business Academy
      • Secretariat & International Training Centre
      • Contact Us
    •  
      • RegisterLog in
    Privacad GADPPRO Academy
      • Courses
        • Executive Management Courses
        • Global Series of National Privacy Laws
        • Netherlands Privacy Academy (in Dutch)
        • Caribbean Data Protection Academy
      • Resources
      • Join GADPPRO ACADEMY
        • Join GADPPRO Academy as an Official Partner
        • Become an Official GADPPRO Training Entity
        • Join the GADPPRO Business Academy
        • Secretariat & International Training Centre
        • Contact Us
      •  
        • RegisterLog in

      Blog

      Guidelines 2/2020 on articles 46 (2) (a) and 46 (3) (b) of Regulation 2016/679 for transfers of personal data between EEA and non-EEA public authorities and bodies

      • Categories Blog, Business, Design / Branding, Free Data Protection Resources, Uncategorized
      • Date October 7, 2020

      Guidelines 2/2020 on articles 46 (2) (a) and 46 (3) (b) of Regulation 2016/679 for transfers of personal data between EEA and non-EEA public authorities and bodies

      Section 3.2  Specific information on administrative arrangements  – Article 46 (3) (b) GDPR

      65. The GDPR in its Article 46(3)(b) also provides for alternative instruments in the form of administrative arrangements, e.g. Memorandum of Understanding “MOU”, providing protection through the commitments taken by both parties in order to bring their common arrangement into force.

      66. In this respect, Article 46 (1) and recital 108 of the GDPR specify that these arrangements have to ensure enforceable data subject rights and effective legal remedies. Where safeguards are provided for in administrative arrangements that are not legally binding, authorisation by the competent SA has to be obtained.

      67. It should be carefully assessed whether or not to make use of non-legally binding administrative arrangements to provide safeguards in the public sector, in view of the purpose of the processing and the nature of the data at hand. If data protection rights and redress for EEA individuals are not provided for in the domestic law of the third country, preference should be given to concluding a legally binding agreement. Irrespective of the type of instrument adopted, the measures in place have to be effective to ensure the appropriate implementation, enforcement and supervision.

      68. In administrative arrangements specific steps have to be taken to ensure effective individual rights, redress and oversight. In particular, to ensure effective and enforceable rights, a non-binding instrument should contain assurances from the public body receiving the EEA personal data that individual rights are fully provided by its domestic law and can be exercised by EEA individuals under the same conditions as is the case for citizens and residents of the concerned third country. The same applies if administrative and judicial redress is available to EEA individuals in the domestic legal framework of the receiving public body.

      69. If this is not the case, individual rights should be guaranteed by specific commitments from the parties, combined with procedural mechanisms to ensure their effectiveness and provide redress to the individual. Such procedural mechanisms may, for example, include commitments of the parties to inform each other of requests from EEA individuals and to settle disputes or claims in a timely fashion.

      70. In addition, in case such disputes or claims cannot be resolved in an amicable way between the parties themselves, effective redress to the individual should be provided by alternative mechanisms, for example through a possibility for the individual to have recourse to an alternative dispute resolution mechanism, such as arbitration or mediation. Such alternative dispute resolution mechanism should be binding unless this is impossible due to the specific status of the parties which might, e.g., be the case for international organisations. 

      71. Depending on the case at hand, a combination of all or some of the above measures should be provided for in the administrative agreement in order to ensure effective redress. Other measures not included in these guidelines could also be acceptable as long as they provide for effective redress.

      72. Each administrative arrangement developed in accordance with Article 46 (3) (b) GDPR will be examined by the competent SA on a case by case basis, followed by the relevant EDPB procedure, if applicable.The competent SA will base its examination on the general recommendations set out in these guidelines, but might also ask for more guarantees depending on the specific case.

      • Share:
      User Avatar
      Richard V

      Previous post

      Guidelines 2/2020 on articles 46 (2) (a) and 46 (3) (b) of Regulation 2016/679 for transfers of personal data between EEA and non-EEA public authorities and bodies
      October 7, 2020

      Next post

      Guidelines 2/2020 on articles 46 (2) (a) and 46 (3) (b) of Regulation 2016/679 for transfers of personal data between EEA and non-EEA public authorities and bodies
      October 7, 2020

      You may also like

      Children Safety Encryption www.privacad.com
      Apple’s New Step to Protect Child Abuse via Encryption Feature
      20 August, 2021
      DNA Technology and Privacy www.privacad.com
      DNA Technology Regulation Bill and Violation of Privacy for Minority Groups
      19 August, 2021
      www.privacad.com
      India accuses Twitter of not complying with new IT rules
      18 August, 2021

      Search

      Categories

      • Blog
      • Business
      • Design / Branding
      • Free Data Protection Resources
      • Nederlandse Privacy Academie
      • Uncategorized
      Facebook-f Linkedin-in

      © Privacad 2020

      For all your questions about courses

      students@privacad.com

      For all your questions about Privacad for business

      info@privacad.com

      Links

      • Courses
      • Become a GADPPRO Academy Official Training Entity
      • Resources
      • Free Data Protection Resources
      • Blog
      • Profile
      • Students Stewards Network (SSN)

      Support

      • Privacy Policy
      • Terms of Use
      • FAQs
      • Contact

      © GADPPRO Academy | Privacad 2023

      GADPPRO Academy 2023

      Login with your site account

      Lost your password?

      Not a member yet? Register now

      Register a new account

      Are you a member? Login now