EC approves data flow with Canada

The European Commission has ruled that Canada should be the third non-EU country to be allowed to transfer personal data with EU businesses.

It was decided on 20 December that the Canadian Personal Information Protection and Electronic Documents Act 2000 provides an adequate level of protection for European citizens, without the need for additional guarantees. The decision was officially published on Monday.

To date, Switzerland and Hungary are the only other non-EU countries whose laws are deemed to be compliant with the EU Data Protection Directive. The directive states that the transfer of personal data to a third country may only take place if the non-EU country "ensures an adequate level of protection and if the member states' laws implementing other provisions of the Directive are complied with prior to the transfer."

The transfer of consumer data in the US is currently self-regulated, whereas in Europe, fines can be imposed for contravening data protection laws. Within the UK, the information commissioner has the power to issue an enforcement notice to any organisation found to be in breach of any of the principles of the Data Protection Act 1998, which could result in a £5,000 fine in magistrate's court, or an unlimited fine in a crown court.

A so-called Safe Harbour agreement came into effect last summer, which was designed to regulate transborder data flows from the EU to the US. It provides guidance for US organisations on how to provide "adequate protection" for personal data from Europe as required by the EU Directive on Data Protection. But to date only 110 organisations have signed up to the agreement.

For everything Internet-related, from the latest legal and policy-related news, to domain name updates, see ZDNet UK's Internet News Section.

Have your say instantly, and see what others have said. Click on the TalkBack button and go to the Telecoms forum.

Let the editors know what you think in the Mailroom. And read other letters.