European Commission Communication On The Transfer of Personal Data to US

By | Sunday November 8th, 2015

Today the European Commission released the formal communication no. 566 on the transfer of personal data to United States of America, this is consequent to the annulment of the Commission  Decision  2000/520/EC (also called Safe Harbor Agreement).

In this document the Commission analyses a framework of possible alternative solutions to the invalid decision for SMEs and big enterprises that have concerns to transfer personal data to US. The main legal intruments are the following:

– contractual clauses (SSCs), two main types of standard clauses can be employed, in respect of the horizontal relationships will be employed those ones relating to data controller to data controller, meanwhile with regard to vertical relationships will be employed those ones relating to data controller to data processor;

– Binding Corporate Rules (BCRs), this is employed in intra-group data transfers to US;

– Derogations under the article 26, paragraph 1 of the 95/46/EC Directive, which include amongst the others consent, performance of contract and implementation of pre-contractual measures; in general terms, all these derogations must be interpreted in a narrow sense, this means that a derogation should not for instance be employed in case of repeated or mass data transfers to US.

For more information see this link:

Otherwise see the following link:

Category: Open Forum Tags: , ,

About Fabio Di Resta

Fabio Di Resta is a lawyer, his main competence is on data protection law and computer law, after a law degree and a LLM in UK on these subjects, He has worked as a privacy consultant and ISO 27001 Ict security auditor in different sectors; He has drafted security policies and procedures for multinationals relating to Community and Italian Data protection Law, Sarbane Oxley Act and law n. 262 of 2005, legislative decree 231 of 2001; He has participated in international meetings on privacy, international conferences and seminars on privacy and computer law with a deep analysis of international agreement and community law on data protection such as “safe habour”, standard contractual clauses and binding corporate rules. He has participated to European Projects funded by EU relating to data protection, cloud computing and Electronic Health Record. He holds lectures and seminars on data protection law at prestigious universities. Moreover, in the past, He gave legal advice on the incorporation of new company abroad and provided legal services on the filing in of joint venture contracts in foreign countries, on know-how and trade mark licences, on national and international copyright protection law. Furthermore, He published several books on data protection and IT Law. A brief list of titles of the books published: Protezione delle informazioni. Privacy e sicurezza (Protection of Information, Privacy and Security), editor and principal author of the work for the editorial types Law and Profession, published by Giappichelli; Sanità e Innovazione – La protezione dei dati personali e le problematiche dell’informatizzazione in sanità (Healthcare and Innovation – Personal data protection and the problems of informatics in the Healthcare), editor and author in a collective work – printed in April 2009 – Edisef Publisher; La tutela dei dati personali nella società dell’informazione (The Protection of Personal Data in the Information Society) – printed in May 2009 – Giappichelli Publisher; Il Fascicolo Sanitario Elettronico (Electronic Health Record) – printed in April 2009 – Edisef Publisher; La sicurezza nei sistemi informativi sanitari (The Security in the Health information System) – printed in October 2010 – Edisef Publisher; Insidie telematiche (Telematic Pitfalls) – printed in November 2010 – Giappichelli Publisher. Moreover, He regularly publishes articles in several reviews and newspapers specialized on data protection law, on computer and e-government law. Lastly, He is a member of the Board of Directors in the Master on Privacy at the University of Roma Tre. He periodically publishes articles on UE data protection law in IAPP reviews.

One thought on “European Commission Communication On The Transfer of Personal Data to US

Leave a Reply

This site uses Akismet to reduce spam. Learn how your comment data is processed.