| ID | 1.5.5 |
| Title | Legal requirements Privacy - Transferring data to third countries |
| Expert | Serge Gutwirth (VUB) Christoph Schnabel (UOK) |
| Priority | mandatory |
| Description | The transfer of personal data to third countries that do not ensure an adequate level of data protection is generally prohibited. Member States are considered to guarantee an adequate level of protection because of the directives on Privacy that had to be transformed by every Member State into national law. Outside the EC the Commission only recognizes Argentina, Canada and Switzerland to provide an adequate level of protection. The Commission is currently looking into New Zealand, Hong Kong and Australia. Transfers into the U.S. are only legitimate to companies that have joined the Safe Harbor Agreement. Otherwise a transfer is only legitimate, if: - the data subject has given unambiguous consent to the proposed transfer - the transfer is necessary in order to protect the vital interests of the data subject - the transfer is necessary for the performance or conclusion of a contract - the transfer is necessary or legally required on important public interest grounds If SPICE is planning on transferring personal data into countries outside the EC the above mentioned conditions have to be met. |
| Rationale | Relevant to assess the lawfulness of operation of SPICE |
| Type | non-functional |
| Depends on | 1.5.0 - General Legal requirement-completeness and comprehensiveness of regulatory requirement is impossible. |
| Child dependencies | 1.4.3 - Portability of user profile 3.1.1 - Communication Model building and notification of its updates 3.1.3 - User rules 3.1.4 - Terminal Synchronization 4.1.5 - Management and Provision of Service and Situation-dependent User Data 4.2.1 - Discovery and Exchange of Distributed Context Information; subscription and polling 4.2.2 - Gathering, Aggregation and Interpretation from Multiple Distributed Context Sources, derivation of knowledge 4.2.3 - Context Queries based on Semantic Context Schema and QoC 4.2.10 - Access, Storage, Processing and Distribution Rights 6.3.2 - Privacy rules for special cases 7.3.1 - User Policies and Provider Policies 8.1.1 - Restricted and parametrizable access to user profile/ data 8.1.5 - No user location tracking w/o user's explicit consent |
| Environment | |
| Other_info | |
| Category | regulatory |
| Subcategory | Privacy |
| Subcategory2 | |
| Scenario_scene | |
| SPICE_value | |
| Demo | |
| Keywords | privacy;data protection |
| Home |