Nascleanúint
RGCS (GDPR) > Airteagal 45. Aistrithe ar bhonn cinneadh leordhóthanachta
Íoslódáil PDF

Airteagal 45 RGCS (GDPR). Aistrithe ar bhonn cinneadh leordhóthanachta

Article 45 GDPR. Transfers on the basis of an adequacy decision

1. Féadfar sonraí pearsanta a aistriú go tríú tír nó go heagraíocht idirnáisiúnta i gcás ina mbeidh cinneadh déanta ag an gCoimisiún go n-áirithíonn tríú tír, an críoch nó an earnáil shonraithe, laistigh den tríú tír sin, nó an eagraíocht idirnáisiúnta atá i gceist, go bhfuil leibhéal leordhóthanach cosanta ar fáil. Ní gá aon údarú sonrach a fháil i gcás aistriú den sórt sin.

1. A transfer of personal data to a third country or an international organisation may take place where the Commission has decided that the third country, a territory or one or more specified sectors within that third country, or the international organisation in question ensures an adequate level of protection. Such a transfer shall not require any specific authorisation.

Recitals

(103) Féadfaidh an Coimisiún a chinneadh, agus bheadh feidhm ag an gcinneadh sin ar fud an Aontais, go gcuireann tríú tír, críoch nó earnáil shonraithe i dtríú tír, nó eagraíocht idirnáisiúnta, leibhéal leordhóthanach cosanta ar fáil, rud a sholáthraíonn deimhneacht dhlíthiúil agus aonfhoirmeacht dhlíthiúil ar fud an Aontais maidir leis an tríú tír nó leis an eagraíochtaí idirnáisiúnta a mheastar go gcuireann siad leibhéal cosanta den sórt sin ar fáil. I gcásanna den sórt sin, féadfar sonraí pearsanta a aistriú chuig an tír sin nó chuig an eagraíocht idirnáisiúnta sin gan an gá aon údarú breise a fháil. Féadfaidh an Coimisiún a chinneadh freisin, tar éis dó fógra in leith agus ráiteas iomlán lena leagtar amach na cúiseanna a thabhairt don tríú tír nó don eagraíocht idirnáisiúnta, cinneadh den sórt sin a chúlghairm.

(103) The Commission may decide with effect for the entire Union that a third country, a territory or specified sector within a third country, or an international organisation, offers an adequate level of data protection, thus providing legal certainty and uniformity throughout the Union as regards the third country or international organisation which is considered to provide such level of protection. In such cases, transfers of personal data to that third country or international organisation may take place without the need to obtain any further authorisation. The Commission may also decide, having given notice and a full statement setting out the reasons to the third country or international organisation, to revoke such a decision.

2. Agus a leordhóthanaí atá an leibhéal cosanta á mheas ag an gCoimisiún cuirfidh sé na nithe seo a leanas, go háirithe, san áireamh:

2. When assessing the adequacy of the level of protection, the Commission shall, in particular, take account of the following elements:

Recitals

(104) I gcomhréir leis na bunluachanna ar a bhfuil an tAontas fothaithe, go háirithe cosaint chearta an duine, ba cheart don Choimisiún a chur san áireamh, agus measúnú á dhéanamh aige ar thríú tír nó ar chríoch nó ar earnáil shonraithe i dtríú tír, an tslí ina ndéanann tríú tír ar leith an smacht reachta, rochtain ar cheartas mar aon leis na noirm agus na caighdeáin idirnáisiúnta maidir le cearta an duine agus an dlí ginearálta agus an dlí earnála atá aici, lena n-áirítear reachtaíocht a bhaineann leis an tslándáil phoiblí, le cosaint agus leis an tslándáil náisiúnta mar aon leis an ord poiblí agus leis an dlí coiriúil, a urramú. Agus cinneadh leordhóthanachta maidir le críoch nó le hearnáil shonraithe i dtaca le tríú tír á ghlacadh, ba cheart a chur san áireamh critéir shoiléire oibiachtúla, amhail gníomhaíochtaí sonracha próiseála agus raon feidhme na gcaighdeán dlíthiúil is infheidhme agus na reachtaíochta atá i bhfeidhm sa tríú tír. Ba cheart don tríú tír ráthaíochtaí a thabhairt lena n-áiritheofaí leibhéal leordhóthanach cosanta arb ionann é go bunúsach agus an leibhéal a áirithítear laistigh den Aontas, go háirithe i gcás ina bpróiseáiltear sonraí pearsanta in earnáil ar leith nó i roinnt earnálacha ar leith. Go háirithe, ba cheart don tríú tír maoirseacht neamhspleách éifeachtach ar chosaint sonraí a áirithiú agus ba cheart di foráil a dhéanamh maidir le sásraí comhair leis na húdaráis na mBallstát um chosaint sonraí, agus ba cheart cearta éifeachtacha in-fhorfheidhmithe agus sásamh éifeachtach riaracháin agus sásamh éifeachtach breithiúnach a thabhairt do na hábhair sonraí.

(104) In line with the fundamental values on which the Union is founded, in particular the protection of human rights, the Commission should, in its assessment of the third country, or of a territory or specified sector within a third country, take into account how a particular third country respects the rule of law, access to justice as well as international human rights norms and standards and its general and sectoral law, including legislation concerning public security, defence and national security as well as public order and criminal law. The adoption of an adequacy decision with regard to a territory or a specified sector in a third country should take into account clear and objective criteria, such as specific processing activities and the scope of applicable legal standards and legislation in force in the third country. The third country should offer guarantees ensuring an adequate level of protection essentially equivalent to that ensured within the Union, in particular where personal data are processed in one or several specific sectors. In particular, the third country should ensure effective independent data protection supervision and should provide for cooperation mechanisms with the Member States' data protection authorities, and the data subjects should be provided with effective and enforceable rights and effective administrative and judicial redress.

(105) Seachas na gealltanais idirnáisiúnta a rinne an tríú tír nó an eagraíocht idirnáisiúnta, ba cheart don Choimisiún oibleagáidí a chur san áireamh a eascraíonn as rannpháirtíocht na tríú tíre nó na heagraíochta idirnáisiúnta i gcórais iltaobhacha nó réigiúnacha go háirithe maidir le cosaint sonraí pearsanta, mar aon le cur chun feidhme oibleagáidí den sórt sin. Ba cheart, go háirithe, aontachas na tríú tíre do Choinbhinsiún Chomhairle na hEorpa an 28 Eanáir 1981 maidir le Daoine Aonair a Chosaint i ndáil le Sonraí Pearsanta a Phróiseáil go hUathoibríoch agus don Phrótacal Forlíontach a ghabhann leis a chur san áireamh. Ba cheart don Choimisiún dul i gcomhairle leis an mBord agus a leordhóthanaí atá an leibhéal cosanta i dtríú tíortha nó in eagraíochtaí idirnáisiúnta á mheas aige.

(105) Apart from the international commitments the third country or international organisation has entered into, the Commission should take account of obligations arising from the third country's or international organisation's participation in multilateral or regional systems in particular in relation to the protection of personal data, as well as the implementation of such obligations. In particular, the third country's accession to the Council of Europe Convention of 28 January 1981 for the Protection of Individuals with regard to the Automatic Processing of Personal Data and its Additional Protocol should be taken into account. The Commission should consult the Board when assessing the level of protection in third countries or international organisations.

(a) an smacht reachta, an urraim do chearta an duine agus na saoirsí bunúsacha, reachtaíocht ábhartha, idir ghinearálta agus earnálach, lena n-áirítear i ndáil leis an tslándáil phoiblí, cosaint, an tslándáil náisiúnta agus an dlí coiriúil agus rochtain na n-údarás poiblí ar shonraí pearsanta, maille le cur chun feidhme na reachtaíochta seo, rialacha um chosaint sonraí, rialacha gairmiúla agus bearta slándála, lena n-áirítear rialacha maidir le sonraí pearsanta a aistriú ar aghaidh go tríú tír eile nó go heagraíocht idirnáisiúnta eile, ar rialacha iad atá á gcomhlíonadh sa tír sin nó san eagraíocht idirnáisiúnta sin, an cásdlí, chomh maith le cearta éifeachtacha in-fhorfheidhmithe a bheith ar fáil d’ábhair sonraí agus sásamh éifeachtach riaracháin agus breithiúnach do na hábhair sonraí agus a bhfuil a sonraí pearsanta á n-aistriú;

(a) the rule of law, respect for human rights and fundamental freedoms, relevant legislation, both general and sectoral, including concerning public security, defence, national security and criminal law and the access of public authorities to personal data, as well as the implementation of such legislation, data protection rules, professional rules and security measures, including rules for the onward transfer of personal data to another third country or international organisation which are complied with in that country or international organisation, case-law, as well as effective and enforceable data subject rights and effective administrative and judicial redress for the data subjects whose personal data are being transferred;

(b) ceann amháin nó níos mó d’údaráis neamhspleácha mhaoirseachta a bheith sa tríú tír agus é/iad ag feidhmiú go maith nó a mbeidh eagraíocht idirnáisiúnta faoina réir agus é mar fhreagracht orthu a áirithiú go bhfuil na rialacha maidir le cosaint sonraí á gcomhlíonadh agus á bhforfheidhmiú, lena n-áirítear cumhachtaí iomchuí forfheidhmithe chun comhairle a chur ar na hábhair sonraí agus cúnamh a thabhairt dóibh chuige sin, agus chun comhar a áirithiú le húdaráis mhaoirseachta an Aontais agus na mBallstát;

(b) the existence and effective functioning of one or more independent supervisory authorities in the third country or to which an international organisation is subject, with responsibility for ensuring and enforcing compliance with the data protection rules, including adequate enforcement powers, for assisting and advising the data subjects in exercising their rights and for cooperation with the supervisory authorities of the Member States; and

(c) na tiomantais idirnáisiúnta atá glactha ag an tríú tír nó ag an eagraíocht idirnáisiúnta lena mbaineann, nó oibleagáidí eile a eascraíonn as coinbhinsiúin nó ionstraimí atá ceangailteach ó thaobh an dlí de agus óna rannpháirtíocht i gcórais réigiúnacha nó i gcórais iltaobhacha, go háirithe a bhaineann le sonraí pearsanta a chosaint.

(c) the international commitments the third country or international organisation concerned has entered into, or other obligations arising from legally binding conventions or instruments as well as from its participation in multilateral or regional systems, in particular in relation to the protection of personal data.

3. Tar éis dó leordhóthanacht leibhéal na cosanta a mheas, féadfaidh an Coimisiún a chinneadh, trí bhíthin gníomh cur chun feidhme, go n-áirithítear i dtríú tír, i gcríoch nó in earnáil shonraithe amháin nó níos mó i dtríú tír, nó in eagraíocht idirnáisiúnta, go bhfuil leibhéal cosanta leordhóthanach inti laistigh de réir bhrí mhír 2 den Airteagal seo.Forálfar, leis an ngníomh cur chun feidhme, do shásra chun athbhreithniú tréimhsiúil a dhéanamh, ar a laghad uair amháin gach ceithre bliana, ina gcuirfear san áireamh na forbairtí ábhartha uile sa tríú tír sin nó san eagraíocht idirnáisiúnta sin. Sa ghníomh cur chun feidhme, sonrófar cur i bhfeidhm críochach agus earnálach an ghnímh, agus, i gcás inarb infheidhme, ainmneofar an t-údarás maoirseachta nó na húdaráis mhaoirseachta dá dtagraítear i bpointe (b) de mhír 2 den Airteagal seo. Glacfar an gníomh cur chun feidhme sin i gcomhréir leis an nós imeachta scrúdúcháin dá dtagraítear in Airteagal 93(2).

3. The Commission, after assessing the adequacy of the level of protection, may decide, by means of implementing act, that a third country, a territory or one or more specified sectors within a third country, or an international organisation ensures an adequate level of protection within the meaning of paragraph 2 of this Article. The implementing act shall provide for a mechanism for a periodic review, at least every four years, which shall take into account all relevant developments in the third country or international organisation. The implementing act shall specify its territorial and sectoral application and, where applicable, identify the supervisory authority or authorities referred to in point (b) of paragraph 2 of this Article. The implementing act shall be adopted in accordance with the examination procedure referred to in Article 93(2).

Téacsanna gaolmhara

4. Déanfaidh an Coimisiún, ar bhonn leanúnach, faireachán ar fhorbairtí i dtríú tíortha agus in eagraíochtaí idirnáisiúnta a bhféadfadh tionchar a bheith acu ar an gcaoi a bhfheidhmeodh na cinntí a ghlactar de bhun mhír 3 den Airteagal seo agus na cinntí a ghlactar ar bhonn Airteagal 25(6) de Threoir 95/46/CE.

4. The Commission shall, on an ongoing basis, monitor developments in third countries and international organisations that could affect the functioning of decisions adopted pursuant to paragraph 3 of this Article and decisions adopted on the basis of Article 25(6) of Directive 95/46/EC.

Recitals

(106) Ba cheart don Choimisiún faireachán a dhéanamh ar fheidhmiú na gcinntí ar leibhéal na cosanta i dtríú tír,,i gcríoch nó in earnáil shonraithe i dtríú tír, nó in eagraíocht idirnáisiúnta, agus ba cheart dó faireachán a dhéanamh ar fheidhmiú cinntí arna nglacadh ar bhonn Airteagal 25(6) nó Airteagal 26(4) de Rialachán 95/46/CE. Ina chuid cinntí leordhóthanachta, ba cheart don Choimisiún foráil a dhéanamh do shásra maidir le hathbhreithniú tréimhsiúil a dhéanamh ar a bhfeidhmiú. Ba cheart an t-athbhreithniú tréimhsiúil sin a dhéanamh i gcomhairle leis an tríú tír nó leis an eagraíocht idirnáisiúnta i dtrácht agus ba cheart gach forbairt ábhartha sa tríú tír nó san eagraíocht idirnáisiúnta a chur san áireamh. Chun faireachán a dhéanamh agus chun na hathbhreithnithe tréimhsiúla a dhéanamh, ba cheart don Choimisiún machnamh a dhéanamh ar thuairimí agus ar thorthaí Pharlaimint na hEorpa agus ar thuairimí agus ar thorthaí na Comhairle, chomh maith le tuairimí agus torthaí comhlachtaí agus foinsí ábhartha eile. Ba cheart don Choimisiún measúnú a dhéanamh, laistigh de thréimhse réasúnach ama, ar fheidhmiú na gcinntí sin agus aon torthaí ábhartha a thuairisciú don Choiste de réir bhrí Rialachán (AE) Uimh. 182/2011 ó Pharlaimint na hEorpa agus ón gComhairle (12) mar a bhunaítear faoin Rialachán seo, do Pharlaimint na hEorpa agus don Chomhairle.

(106) The Commission should monitor the functioning of decisions on the level of protection in a third country, a territory or specified sector within a third country, or an international organisation, and monitor the functioning of decisions adopted on the basis of Article 25(6) or Article 26(4) of Directive 95/46/EC. In its adequacy decisions, the Commission should provide for a periodic review mechanism of their functioning. That periodic review should be conducted in consultation with the third country or international organisation in question and take into account all relevant developments in the third country or international organisation. For the purposes of monitoring and of carrying out the periodic reviews, the Commission should take into consideration the views and findings of the European Parliament and of the Council as well as of other relevant bodies and sources. The Commission should evaluate, within a reasonable time, the functioning of the latter decisions and report any relevant findings to the Committee within the meaning of Regulation (EU) No 182/2011 of the European Parliament and of the Council [12] as established under this Regulation, to the European Parliament and to the Council.

(12) Rialachán (AE) Uimh. 182/2011 ó Pharlaimint na hEorpa agus ón gComhairle an 16 Feabhra 2011 lena leagtar síos na rialacha agus na prionsabail ghinearálta a bhaineann leis na sásraí maidir le rialú ag na Ballstáit ar fheidhmiú cumhachtaí cur chun feidhme ag an gCoimisiún. https://eur-lex.europa.eu/legal-content/EN/AUTO/?uri=OJ:L:2011:055:TOC

[12] Regulation (EU) No 182/2011 of the European Parliament and of the Council of 16 February 2011 laying down the rules and general principles concerning mechanisms for control by Member States of the Commission's exercise of implementing powers (OJ L 55, 28.2.2011, p. 13). https://eur-lex.europa.eu/legal-content/EN/AUTO/?uri=OJ:L:2011:055:TOC

5. Sa mhéid is gá, cinnfidh an Coimisiún, i gcás ina léireoidh an fhaisnéis atá ar fáil, go háirithe tar éis an athbhreithnithe dá dtagraítear i mír 3 den Airteagal seo, nach n-áirithítear a thuilleadh leibhéal leordhóthanach cosanta i dtríú tír, i gcríoch ná in earnáil shonraithe sa tríú tír sin, ná in eagraíocht idirnáisiúnta, de bhrí mhír 2 den Airteagal seo, a mhéid is féidir, déanfaidh sé an cinneadh dá dtagraítear i mír 3 den Airteagal seo a aisghairm, a leasú nó a chur ar fionraí trí bhíthin gníomhartha cur chun feidhme gan éifeacht chúlghabhálach a bheith aige. Glacfar na gníomhartha cur chun feidhme sin i gcomhréir leis an nós imeachta scrúdúcháin dá dtagraítear in Airteagal 93(2).

5. The Commission shall, where available information reveals, in particular following the review referred to in paragraph 3 of this Article, that a third country, a territory or one or more specified sectors within a third country, or an international organisation no longer ensures an adequate level of protection within the meaning of paragraph 2 of this Article, to the extent necessary, repeal, amend or suspend the decision referred to in paragraph 3 of this Article by means of implementing acts without retro-active effect. Those implementing acts shall be adopted in accordance with the examination procedure referred to in Article 93(2).

Téacsanna gaolmhara

Ar mhórchúiseanna prainne a bhfuil bonn cirt cuí leo, déanfaidh an Coimsiún gníomhartha cur chun feidhme atá infheidhme láithreach i gcomhéir leis an nós imeachta dá dtagraítear in Airteagal 93(3).

On duly justified imperative grounds of urgency, the Commission shall adopt immediately applicable implementing acts in accordance with the procedure referred to in Article 93(3).

Téacsanna gaolmhara

6. Rachaidh an Coimisiún i gcomhairle leis an tríú tír nó leis an eagraíocht idirnáisiúnta féachaint an bhféadfaí an méid ba chúis leis an gcinneadh a rinneadh de bhun mhír 5 seo a leigheas.

6. The Commission shall enter into consultations with the third country or international organisation with a view to remedying the situation giving rise to the decision made pursuant to paragraph 5.

Recitals

(107) Féadfaidh an Coimisiún a aithint nach bhfuil leibhéal leordhóthanach cosanta ar shonraí á áirithiú a thuilleadh i dtríú tír, i gcríoch nó in earnáil shonraithe i dtríú tír, nó in eagraíocht idirnáisiúnta. Mar gheall air sin, ba cheart aistriú sonraí pearsanta chuig an tríú tír sin nó chuig an eagraíocht idirnáisiúnta sin a thoirmeasc, mura gcomhlíontar na ceanglais sa Rialachán seo a bhaineann le haistrithe atá faoi réir coimircí leordhóthanacha, lena n-áirítear rialacha ceangailteacha corparáídeacha, agus maoluithe i gcomhair staideanna áirithe. Sa chás sin, ba cheart foráil a dhéanamh maidir le comhairliúcháin idir an Coimisiún agus tríú tíortha den sórt sin nó eagraíochtaí idirnáisiúnta den sórt sin. Ba cheart don Choimisiún, ar bhealach tráthúil, an tríú tír nó an eagraíocht idirnáisiúnta a chur ar an eolas faoi na fáthanna agus dul i gcomhairle léi chun an cor a leigheas.

(107) The Commission may recognise that a third country, a territory or a specified sector within a third country, or an international organisation no longer ensures an adequate level of data protection. Consequently the transfer of personal data to that third country or international organisation should be prohibited, unless the requirements in this Regulation relating to transfers subject to appropriate safeguards, including binding corporate rules, and derogations for specific situations are fulfilled. In that case, provision should be made for consultations between the Commission and such third countries or international organisations. The Commission should, in a timely manner, inform the third country or international organisation of the reasons and enter into consultations with it in order to remedy the situation.

7. Is gan dochar a bheidh cinneadh de bhun mhír 5 den Airteagal seo d’aistrithe sonraí pearsanta go dtí an tríú tír, go dtí an chríoch nó go hearnáil shonraithe amhain nó níos mó laistigh den tríú tír sin, nó go dtí an eagraíocht idirnáisiúnta de bhun Airteagal 46 go hAirteagal 49.

7. A decision pursuant to paragraph 5 of this Article is without prejudice to transfers of personal data to the third country, a territory or one or more specified sectors within that third country, or the international organisation in question pursuant to Articles 46 to 49.

Téacsanna gaolmhara

8. Déanfaidh an Coimisiún liosta a fhoilsiú, in Iris Oifigiúil an Aontais Eorpaigh agus ar a shuíomh gréasáin, de na tríú tíortha, de na críocha agus de na hearnálacha sonraithe i dtríú tír agus de na heagraíochtaí idirnáisiúnta ar chinn an Coimisiún ina leith go raibh nó nach raibh a leibhéil chosanta leormhaith.

8. The Commission shall publish in the Official Journal of the European Union and on its website a list of the third countries, territories and specified sectors within a third country and international organisations for which it has decided that an adequate level of protection is or is no longer ensured.

9. Beidh feidhm ag cinntí arna nglacadh ag an gCoimisiún ar bhonn Airteagal 25(6) de Threoir 95/46/CE go dtí go ndéanfar iad a leasú, a ionadú nó a aisghairm le Cinneadh ón gCoimisiún arna nglacadh i gcomhréir le mír 3 nó mír 5 den Airteagal seo.

9. Decisions adopted by the Commission on the basis of Article 25(6) of Directive 95/46/EC shall remain in force until amended, replaced or repealed by a Commission Decision adopted in accordance with paragraph 3 or 5 of this Article.

ISO 27701 Recitals Dlí Treoirlínte & Cásanna Leave a comment
ISO 27701

(EN) ISO/IEC 27701, adopted in 2019, added additional ISO/IEC 27002 guidance for PII controllers.

Here is the relevant paragraph to article 45 GDPR:

7.5.1 Identify basis for PII transfer between jurisdictions

Control

The organization should identify and document the relevant basis for transfers of PII between jurisdictions.

Implementation guidance

PII transfer can be subject to legislation and/or regulation depending on the jurisdiction or international organization to which data is to be transferred (and from where it originates).

(EN) […]


to read the full text

Recitals

(103) Féadfaidh an Coimisiún a chinneadh, agus bheadh feidhm ag an gcinneadh sin ar fud an Aontais, go gcuireann tríú tír, críoch nó earnáil shonraithe i dtríú tír, nó eagraíocht idirnáisiúnta, leibhéal leordhóthanach cosanta ar fáil, rud a sholáthraíonn deimhneacht dhlíthiúil agus aonfhoirmeacht dhlíthiúil ar fud an Aontais maidir leis an tríú tír nó leis an eagraíochtaí idirnáisiúnta a mheastar go gcuireann siad leibhéal cosanta den sórt sin ar fáil. I gcásanna den sórt sin, féadfar sonraí pearsanta a aistriú chuig an tír sin nó chuig an eagraíocht idirnáisiúnta sin gan an gá aon údarú breise a fháil. Féadfaidh an Coimisiún a chinneadh freisin, tar éis dó fógra in leith agus ráiteas iomlán lena leagtar amach na cúiseanna a thabhairt don tríú tír nó don eagraíocht idirnáisiúnta, cinneadh den sórt sin a chúlghairm.

(103) The Commission may decide with effect for the entire Union that a third country, a territory or specified sector within a third country, or an international organisation, offers an adequate level of data protection, thus providing legal certainty and uniformity throughout the Union as regards the third country or international organisation which is considered to provide such level of protection. In such cases, transfers of personal data to that third country or international organisation may take place without the need to obtain any further authorisation. The Commission may also decide, having given notice and a full statement setting out the reasons to the third country or international organisation, to revoke such a decision.

(104) I gcomhréir leis na bunluachanna ar a bhfuil an tAontas fothaithe, go háirithe cosaint chearta an duine, ba cheart don Choimisiún a chur san áireamh, agus measúnú á dhéanamh aige ar thríú tír nó ar chríoch nó ar earnáil shonraithe i dtríú tír, an tslí ina ndéanann tríú tír ar leith an smacht reachta, rochtain ar cheartas mar aon leis na noirm agus na caighdeáin idirnáisiúnta maidir le cearta an duine agus an dlí ginearálta agus an dlí earnála atá aici, lena n-áirítear reachtaíocht a bhaineann leis an tslándáil phoiblí, le cosaint agus leis an tslándáil náisiúnta mar aon leis an ord poiblí agus leis an dlí coiriúil, a urramú. Agus cinneadh leordhóthanachta maidir le críoch nó le hearnáil shonraithe i dtaca le tríú tír á ghlacadh, ba cheart a chur san áireamh critéir shoiléire oibiachtúla, amhail gníomhaíochtaí sonracha próiseála agus raon feidhme na gcaighdeán dlíthiúil is infheidhme agus na reachtaíochta atá i bhfeidhm sa tríú tír. Ba cheart don tríú tír ráthaíochtaí a thabhairt lena n-áiritheofaí leibhéal leordhóthanach cosanta arb ionann é go bunúsach agus an leibhéal a áirithítear laistigh den Aontas, go háirithe i gcás ina bpróiseáiltear sonraí pearsanta in earnáil ar leith nó i roinnt earnálacha ar leith. Go háirithe, ba cheart don tríú tír maoirseacht neamhspleách éifeachtach ar chosaint sonraí a áirithiú agus ba cheart di foráil a dhéanamh maidir le sásraí comhair leis na húdaráis na mBallstát um chosaint sonraí, agus ba cheart cearta éifeachtacha in-fhorfheidhmithe agus sásamh éifeachtach riaracháin agus sásamh éifeachtach breithiúnach a thabhairt do na hábhair sonraí.

(104) In line with the fundamental values on which the Union is founded, in particular the protection of human rights, the Commission should, in its assessment of the third country, or of a territory or specified sector within a third country, take into account how a particular third country respects the rule of law, access to justice as well as international human rights norms and standards and its general and sectoral law, including legislation concerning public security, defence and national security as well as public order and criminal law. The adoption of an adequacy decision with regard to a territory or a specified sector in a third country should take into account clear and objective criteria, such as specific processing activities and the scope of applicable legal standards and legislation in force in the third country. The third country should offer guarantees ensuring an adequate level of protection essentially equivalent to that ensured within the Union, in particular where personal data are processed in one or several specific sectors. In particular, the third country should ensure effective independent data protection supervision and should provide for cooperation mechanisms with the Member States' data protection authorities, and the data subjects should be provided with effective and enforceable rights and effective administrative and judicial redress.

(105) Seachas na gealltanais idirnáisiúnta a rinne an tríú tír nó an eagraíocht idirnáisiúnta, ba cheart don Choimisiún oibleagáidí a chur san áireamh a eascraíonn as rannpháirtíocht na tríú tíre nó na heagraíochta idirnáisiúnta i gcórais iltaobhacha nó réigiúnacha go háirithe maidir le cosaint sonraí pearsanta, mar aon le cur chun feidhme oibleagáidí den sórt sin. Ba cheart, go háirithe, aontachas na tríú tíre do Choinbhinsiún Chomhairle na hEorpa an 28 Eanáir 1981 maidir le Daoine Aonair a Chosaint i ndáil le Sonraí Pearsanta a Phróiseáil go hUathoibríoch agus don Phrótacal Forlíontach a ghabhann leis a chur san áireamh. Ba cheart don Choimisiún dul i gcomhairle leis an mBord agus a leordhóthanaí atá an leibhéal cosanta i dtríú tíortha nó in eagraíochtaí idirnáisiúnta á mheas aige.

(105) Apart from the international commitments the third country or international organisation has entered into, the Commission should take account of obligations arising from the third country's or international organisation's participation in multilateral or regional systems in particular in relation to the protection of personal data, as well as the implementation of such obligations. In particular, the third country's accession to the Council of Europe Convention of 28 January 1981 for the Protection of Individuals with regard to the Automatic Processing of Personal Data and its Additional Protocol should be taken into account. The Commission should consult the Board when assessing the level of protection in third countries or international organisations.

(106) Ba cheart don Choimisiún faireachán a dhéanamh ar fheidhmiú na gcinntí ar leibhéal na cosanta i dtríú tír,,i gcríoch nó in earnáil shonraithe i dtríú tír, nó in eagraíocht idirnáisiúnta, agus ba cheart dó faireachán a dhéanamh ar fheidhmiú cinntí arna nglacadh ar bhonn Airteagal 25(6) nó Airteagal 26(4) de Rialachán 95/46/CE. Ina chuid cinntí leordhóthanachta, ba cheart don Choimisiún foráil a dhéanamh do shásra maidir le hathbhreithniú tréimhsiúil a dhéanamh ar a bhfeidhmiú. Ba cheart an t-athbhreithniú tréimhsiúil sin a dhéanamh i gcomhairle leis an tríú tír nó leis an eagraíocht idirnáisiúnta i dtrácht agus ba cheart gach forbairt ábhartha sa tríú tír nó san eagraíocht idirnáisiúnta a chur san áireamh. Chun faireachán a dhéanamh agus chun na hathbhreithnithe tréimhsiúla a dhéanamh, ba cheart don Choimisiún machnamh a dhéanamh ar thuairimí agus ar thorthaí Pharlaimint na hEorpa agus ar thuairimí agus ar thorthaí na Comhairle, chomh maith le tuairimí agus torthaí comhlachtaí agus foinsí ábhartha eile. Ba cheart don Choimisiún measúnú a dhéanamh, laistigh de thréimhse réasúnach ama, ar fheidhmiú na gcinntí sin agus aon torthaí ábhartha a thuairisciú don Choiste de réir bhrí Rialachán (AE) Uimh. 182/2011 ó Pharlaimint na hEorpa agus ón gComhairle (12) mar a bhunaítear faoin Rialachán seo, do Pharlaimint na hEorpa agus don Chomhairle.

(106) The Commission should monitor the functioning of decisions on the level of protection in a third country, a territory or specified sector within a third country, or an international organisation, and monitor the functioning of decisions adopted on the basis of Article 25(6) or Article 26(4) of Directive 95/46/EC. In its adequacy decisions, the Commission should provide for a periodic review mechanism of their functioning. That periodic review should be conducted in consultation with the third country or international organisation in question and take into account all relevant developments in the third country or international organisation. For the purposes of monitoring and of carrying out the periodic reviews, the Commission should take into consideration the views and findings of the European Parliament and of the Council as well as of other relevant bodies and sources. The Commission should evaluate, within a reasonable time, the functioning of the latter decisions and report any relevant findings to the Committee within the meaning of Regulation (EU) No 182/2011 of the European Parliament and of the Council [12] as established under this Regulation, to the European Parliament and to the Council.

(12) Rialachán (AE) Uimh. 182/2011 ó Pharlaimint na hEorpa agus ón gComhairle an 16 Feabhra 2011 lena leagtar síos na rialacha agus na prionsabail ghinearálta a bhaineann leis na sásraí maidir le rialú ag na Ballstáit ar fheidhmiú cumhachtaí cur chun feidhme ag an gCoimisiún. https://eur-lex.europa.eu/legal-content/EN/AUTO/?uri=OJ:L:2011:055:TOC

[12] Regulation (EU) No 182/2011 of the European Parliament and of the Council of 16 February 2011 laying down the rules and general principles concerning mechanisms for control by Member States of the Commission's exercise of implementing powers (OJ L 55, 28.2.2011, p. 13). https://eur-lex.europa.eu/legal-content/EN/AUTO/?uri=OJ:L:2011:055:TOC

(107) Féadfaidh an Coimisiún a aithint nach bhfuil leibhéal leordhóthanach cosanta ar shonraí á áirithiú a thuilleadh i dtríú tír, i gcríoch nó in earnáil shonraithe i dtríú tír, nó in eagraíocht idirnáisiúnta. Mar gheall air sin, ba cheart aistriú sonraí pearsanta chuig an tríú tír sin nó chuig an eagraíocht idirnáisiúnta sin a thoirmeasc, mura gcomhlíontar na ceanglais sa Rialachán seo a bhaineann le haistrithe atá faoi réir coimircí leordhóthanacha, lena n-áirítear rialacha ceangailteacha corparáídeacha, agus maoluithe i gcomhair staideanna áirithe. Sa chás sin, ba cheart foráil a dhéanamh maidir le comhairliúcháin idir an Coimisiún agus tríú tíortha den sórt sin nó eagraíochtaí idirnáisiúnta den sórt sin. Ba cheart don Choimisiún, ar bhealach tráthúil, an tríú tír nó an eagraíocht idirnáisiúnta a chur ar an eolas faoi na fáthanna agus dul i gcomhairle léi chun an cor a leigheas.

(107) The Commission may recognise that a third country, a territory or a specified sector within a third country, or an international organisation no longer ensures an adequate level of data protection. Consequently the transfer of personal data to that third country or international organisation should be prohibited, unless the requirements in this Regulation relating to transfers subject to appropriate safeguards, including binding corporate rules, and derogations for specific situations are fulfilled. In that case, provision should be made for consultations between the Commission and such third countries or international organisations. The Commission should, in a timely manner, inform the third country or international organisation of the reasons and enter into consultations with it in order to remedy the situation.

Dlí Treoirlínte & Cásanna Leave a comment
[js-disqus]