Artikkel 50
International cooperation for the protection of personal data

Offisielle tekster Retningslinjer
og beslutninger
Vurderinger
EU-regulering
Vurderinger
nasj. regulering
Vis forordningens fortaletekst relatert til art. 50 keyboard_arrow_down Skjul forordningens fortaletekst relatert til art. 50 keyboard_arrow_up

(29) In order to create incentives to apply pseudonymisation when processing personal data, measures of pseudonymisation should, whilst allowing general analysis, be possible within the same controller when that controller has taken technical and organisational measures necessary to ensure, for the processing concerned, that this Regulation is implemented, and that additional information for attributing the personal data to a specific data subject is kept separately. The controller processing the personal data should indicate the authorised persons within the same controller

(116) When personal data moves across borders outside the Union it may put at increased risk the ability of natural persons to exercise data protection rights in particular to protect themselves from the unlawful use or disclosure of that information. At the same time, supervisory authorities may find that they are unable to pursue complaints or conduct investigations relating to the activities outside their borders. Their efforts to work together in the cross-border context may also be hampered by insufficient preventative or remedial powers, inconsistent legal regimes, and practical obstacles like resource constraints. Therefore, there is a need to promote closer cooperation among data protection supervisory authorities to help them exchange information and carry out investigations with their international counterparts. For the purposes of developing international cooperation mechanisms to facilitate and provide international mutual assistance for the enforcement of legislation for the protection of personal data, the Commission and the supervisory authorities should exchange information and cooperate in activities related to the exercise of their powers with competent authorities in third countries, based on reciprocity and in accordance with this Regulation.

(123) The supervisory authorities should monitor the application of the provisions pursuant to this Regulation and contribute to its consistent application throughout the Union, in order to protect natural persons in relation to the processing of their personal data and to facilitate the free flow of personal data within the internal market. For that purpose, the supervisory authorities should cooperate with each other and with the Commission, without the need for any agreement between Member States on the provision of mutual assistance or on such cooperation.

Det finnes ingen fortaletekst i direktivet relatert til art. 50.

GDPR

In relation to third countries and international organizations, Article 50 requires the Commission and the supervisory authorities to take certain measures in order  to facilitate the application of the data protection principles.

This provision takes into account the recommendation of the Organization for Economic Cooperation and Development (OECD) of 12 June 2007 on the cross-border cooperation in the application of the laws protecting privacy.

These measures are intended to develop international cooperation mechanisms to facilitate the effective enforcement of legislation for the protection of personal data (paragraph 1 (a)); They should then provide international mutual assistance in the enforcement of legislation for the protection of personal data, including through notification, complaint referral, investigative assistance and information exchange, subject to appropriate safeguards for the protection of personal data and other fundamental rights and freedoms (paragraph 1 (b));

These mechanisms are intended, on the one hand, to engage the relevant stakeholders in discussion and activities aimed at furthering international cooperation in the enforcement of legislation for the protection of personal data (paragraph 1 (c)); and, on the other hand, to promote the exchange and documentation of personal data protection legislation and practice, including on jurisdictional conflicts with third countries (paragraph 1 (d)).

Direktivet

The Directive did not envisage the possibility of cooperation between the Member States and non-Union third countries or international organizations.

Norway

Ingen tilsvarnede bestememmelse, men se § 42, tredje ledd nr. 4.

Utfordringer

We do not see a priori any implementation difficulty.

Forordning
1e 2e

Art. 50

In relation to third countries and international organisations, the Commission and supervisory authorities shall take appropriate steps to:

a) develop international cooperation mechanisms to facilitate the effective enforcement of legislation for the protection of personal data;

b) provide international mutual assistance in the enforcement of legislation for the protection of personal data, including through notification, complaint referral, investigative assistance and information exchange, subject to appropriate safeguards for the protection of personal data and other fundamental rights and freedoms;

c) engage relevant stakeholders in discussion and activities aimed at furthering international cooperation in the enforcement of legislation for the protection of personal data;

d) promote the exchange and documentation of personal data protection legislation and practice, including on jurisdictional conflicts with third countries.

 

 

1. forslag close

Art. 45

1.           In relation to third countries and international organisations, the Commission and supervisory authorities shall take appropriate steps to:

(a)     develop effective international co-operation mechanisms to facilitate the enforcement of legislation for the protection of personal data;

(b)     provide international mutual assistance in the enforcement of legislation for the protection of personal data, including through notification, complaint referral, investigative assistance and information exchange, subject to appropriate safeguards for the protection of personal data and other fundamental rights and freedoms;

(c)     engage relevant stakeholders in discussion and activities aimed at furthering international co-operation in the enforcement of legislation for the protection of personal data;

(d)     promote the exchange and documentation of personal data protection legislation and practice.

2.           For the purposes of paragraph 1, the Commission shall take appropriate steps to advance the relationship with third countries or international organisations, and in particular their supervisory authorities, where the Commission has decided that they ensure an adequate level of protection within the meaning of Article 41(3).

2. forslag close

Art. 45

1. In relation to third countries and international organisations, the Commission and supervisory authorities shall take appropriate steps to:

(a) develop international co-operation mechanisms to facilitate the effective enforcement of legislation for the protection of personal data;

(b) provide international mutual assistance in the enforcement of legislation for the protection of personal data, including through (...) complaint referral, investigative assistance and information exchange, subject to appropriate safeguards for the protection of personal data and other fundamental rights and freedoms;

(c) engage relevant stakeholders in discussion and activities aimed at promoting international co-operation in the enforcement of legislation for the protection of personal data;

(d) promote the exchange and documentation of personal data protection legislation and practice.

2. (...)

 

Direktiv close

Art. 28

(….).

6. Each supervisory authority is competent, whatever the national law applicable to the processing in question, to exercise, on the territory of its own Member State, the powers conferred on it in accordance with paragraph 3. Each authority may be requested to exercise its powers by an authority of another Member State.

The supervisory authorities shall cooperate with one another to the extent necessary for the performance of their duties, in particular by exchanging all useful information.

Art. 50

Internasjonalt samarbeid om vern av personopplysninger

I forbindelse med tredjestater og internasjonale organisasjoner skal Kommisjonen og tilsynsmyndighetene treffe nødvendige tiltak for å

a) utvikle mekanismer for internasjonalt samarbeid for å fremme en effektiv håndheving av regelverket for vern av personopplysninger,

b) yte internasjonal gjensidig bistand ved håndheving av regelverket for vern av personopplysninger, herunder ved underretning, oversending av klager, etterforskningsbistand og informasjonsutveksling, tatt i betraktning nødvendige garantier for vern av personopplysninger og andre grunnleggende rettigheter og friheter,

c) trekke inn relevante berørte parter i drøftinger og aktiviteter som har som mål å fremme internasjonalt samarbeid om håndheving av regelverket for vern av personopplysninger,

d) fremme utveksling av og dokumentasjon på regelverket for vern av personopplysninger og praksis på området, herunder om kompetansekonflikter med tredjestater.

Gamle loven close

Pol. § 42 Datatilsynets organisering og oppgaver

Datatilsynet er et uavhengig forvaltningsorgan administrativt underordnet Kongen og departementet. Kongen og departementet kan ikke gi instruks om eller omgjøre Datatilsynets utøving av myndighet i enkelttilfeller etter loven.

Datatilsynet skal

1) føre en systematisk og offentlig fortegnelse over alle behandlinger som er innmeldt etter § 31 eller gitt konsesjon etter § 33, med opplysninger som nevnt i § 18 første ledd jf. § 23,

2) behandle søknader om konsesjoner, motta meldinger og vurdere om det skal gis pålegg der loven gir hjemmel for dette,

3) kontrollere at lover og forskrifter som gjelder for behandling av personopplysninger blir fulgt, og at feil eller mangler blir rettet,

4) holde seg orientert om og informere om den generelle nasjonale og internasjonale utviklingen i behandlingen av personopplysninger og om de problemer som knytter seg til slik behandling,

5) identifisere farer for personvernet, og gi råd om hvordan de kan unngås eller begrenses,

6) gi råd og veiledning i spørsmål om personvern og sikring av personopplysninger til dem som planlegger å behandle personopplysninger eller utvikle systemer for slik behandling,3 herunder bistå i utarbeidelsen av bransjevise atferdsnormer,

7) etter henvendelse eller av eget tiltak gi uttalelse i spørsmål om behandling av personopplysninger, og

8) gi Kongen årsmelding om sin virksomhet.

Datatilsynet ledes av en direktør som utnevnes av Kongen. Kongen kan bestemme at direktøren ansettes på åremål.Avgjørelser som Datatilsynet fatter i medhold av § 9, § 12, § 27, § 28, § 30, § 33, § 34, § 35, § 44, § 46 og § 47 kan påklages til Personvernnemnda.4 Avgjørelser som fattes i medhold av § 27 eller § 28 kan påklages videre til Kongen dersom avgjørelsen gjelder personopplysninger som behandles for historiske formål.

close