?

Avis juridique important Pomembno pravno obvestilo
||
32003D049032003D0490
2003/490/EC: Commission Decision of 30 June 2003 pursuant to Directive 95/46/EC of the European Parliament and of the Council on the adequate protection of personal data in Argentina (Text with EEA relevance)
 
Official Journal L 168 , 05/07/2003 P. 0019 - 0022Uradni list L 168 , 05/07/2003 str. 0019 - 0022
Commission DecisionOdločba Komisije
of 30 June 2003z dne 30. junija 2003
pursuant to Directive 95/46/EC of the European Parliament and of the Council on the adequate protection of personal data in Argentinav skladu z Direktivo 95/46/ES Evropskega parlamenta in Sveta o ustreznem varstvu osebnih podatkov v Argentini
(Text with EEA relevance)(Besedilo velja za EGP)
(2003/490/EC)(2003/490/ES)
THE COMMISSION OF THE EUROPEAN COMMUNITIES,KOMISIJA EVROPSKIH SKUPNOSTI JE –
Having regard to the Treaty establishing the European Community,ob upoštevanju Pogodbe o ustanovitvi Evropske skupnosti,
Having regard to Directive 95/46/EC of the European Parliament and of the Council of 24 October 1995 on the protection of individuals with regard to the processing of personal data and on the free movement of such data(1), and in particular Article 25(6) thereof,ob upoštevanju Direktive 95/46/ES Evropskega parlamenta in Sveta z dne 24. oktobra 1995 o varstvu posameznikov pri obdelavi osebnih podatkov in o prostem pretoku takih podatkov [1] in zlasti člena 25(6) Direktive,
Whereas:ob upoštevanju naslednjega:
(1) Pursuant to Directive 95/46/EC Member States are required to provide that the transfer of personal data to a third country may take place only if the third country in question ensures an adequate level of protection and if the Member States' laws implementing other provisions of the Directive are complied with prior to the transfer.(1) V skladu z Direktivo 95/46/ES morajo države članice zagotoviti, da se prenos osebnih podatkov tretji državi izvede le, če zadevna tretja država zagotovi ustrezno raven varstva in če so zakoni držav članic o izvajanju drugih določb Direktive usklajeni pred prenosom.
(2) The Commission may find that a third country ensures an adequate level of protection. In that case, personal data may be transferred from the Member States without additional guarantees being necessary.(2) Komisija lahko ugotovi, da tretja država zagotavlja ustrezno raven varstva. V tem primeru se osebni podatki lahko prenesejo iz držav članic brez dodatnih potrebnih zagotovil.
(3) Pursuant to Directive 95/46/EC the level of data protection should be assessed in the light of all the circumstances surrounding a data transfer operation or a set of data transfer operations, and giving particular consideration to a number of elements relevant for the transfer and listed in Article 25(2) thereof. The Working Party on Protection of Individuals with regard to the processing of Personal Data, established under Article 29 of Directive 95/46/EC, issued guidance on the making of such assessments(2).V skladu z Direktivo 95/46/ES se raven varstva podatkov oceni glede na vse okoliščine, ki obdajajo postopek prenosa ali niz postopkov prenosa podatkov, in ob posvečanju posebne pozornosti številnim elementom, pomembnim za prenos in navedenim v členu 25(2) Direktive. Delovna skupina o varstvu posameznikov pri obdelavi osebnih podatkov, ustanovljena v skladu s členom 29 Direktive 95/46/ES, je izdala navodila za pripravo takšnih ocen [2].
(4) Given the different approaches to data protection in third countries, the adequacy assessment should be carried out, and any decision based on Article 25(6) of Directive 95/46/EC should be made and enforced in a way that does not arbitrarily or unjustifiably discriminate against or between third countries where like conditions prevail, nor constitute a disguised barrier to trade, regard being had to the Community's present international commitments.(4) Glede na različne pristope k varstvu podatkov v tretjih državah bi se morala izvesti ocena ustreznosti in vsaka odločitev, sprejeta na podlagi člena 25(6) Direktive 95/46/ES, bi se morala sprejeti in uveljaviti tako, da ne bo samovoljno in neupravičeno diskriminirala tretje države, kjer prevladujejo podobne razmere, in tudi ne predstavljala prikrite trgovinske ovire, ob upoštevanju sedanjih mednarodnih zavez Skupnosti.
(5) As regards Argentina, the legal standards on the protection of personal data have been provided for in general and sector-specific rules. Both of them have binding legal effect.(5) Glede Argentine so bili pravni standardi o varstvu osebnih podatkov opredeljeni v splošnih in področnih pravilih. Oboja imajo zavezujoči pravni učinek.
(6) General rules are laid down in the Constitution, the Personal Data Protection Act No 25.326 and the Regulation approved by Decree No 1558/2001 (hereinafter "Argentine Law").(6) Splošna pravila so določena v Ustavi, Zakonu o varstvu osebnih podatkov št. 25.326 in Uredbi, potrjeni z Odlokom št. 1558/2001 (v nadaljevanju "argentinski zakon").
(7) The Argentine Constitution provides for a special judicial remedy for the protection of personal data, known as "habeas data". This is a subcategory of the procedure enshrined in the Constitution for the protection of constitutional rights and therefore makes the protection of personal data a fundamental right. According to Article 43.3 of the Constitution any person is entitled, under the "habeas data" rule, to know the content and purpose of all the data pertaining to him or her contained in public records or data banks, or in private ones whose purpose is to provide reports. According to that Article in case of falsehood of information or its use for discriminatory purposes, a person will be able to demand the deletion, correction, confidentiality or update of the data contained in the above records. The Article will not affect the secrecy of journalistic information sources. Argentine jurisprudence has recognised "habeas data" as a fundamental and directly applicable right.(7) Argentinska ustava določa posebno pravno sredstvo za varstvo osebnih podatkov, imenovano "habeas data". To je podkategorija postopka, vsebovana v ustavi zaradi varstva ustavnih pravic, zaradi katere je varstvo osebnih podatkov temeljna pravica. V skladu s členom 43.3 ustave je vsaka oseba upravičena, v skladu s pravilom "habeas data", do poznavanja vsebine in namena vseh podatkov, ki se nanašajo nanj ali nanjo, vsebovanih v javnih oziroma zasebnih registrih ali bankah podatkov, katerih namen je pripravljanje poročil. V skladu z navedenim členom lahko oseba v primeru neresničnih podatkov ali uporabi le-teh v diskriminacijske namene zahteva izbris, popravek, zaupnost ali dopolnitev podatkov, vsebovanih v zgoraj navedenih registrih. Člen ne bo vplival na tajnost novinarskih virov podatkov. Argentinska sodna praksa je priznala "habeas data" kot temeljno pravico, ki se uporablja neposredno.
(8) The Personal Data Protection Act No 25.326 of 4 October 2000 (hereinafter "the Act") develops and widens the Constitutional provisions. It contains provisions relating to general data protection principles, the rights of data subjects, the obligations of data controllers and data users, the supervisory authority or controlling body, sanctions, and rules of procedure in seeking "habeas data" as a judicial remedy.(8) Zakon o varstvu osebnih podatkov št. 25.326 z dne 4. oktobra 2000 (v nadaljevanju "Zakon") razvija in širi ustavne določbe. Vsebuje določbe, ki se nanašajo na splošna načela varstva podatkov, pravice posameznikov, na katere se nanašajo osebni podatki, obveznosti upravljavcev podatkov in uporabnikov podatkov, nadzorni organ ali kontrolni organ, sankcije in pravila postopka v uresničevanju "habeas data" kot pravnega sredstva.
(9) The Regulation, approved by Decree No 1558/2001 of 3 December 2001 (hereinafter "the Regulation"), lays down rules for the enactment of the Act, supplements its provisions, and clarifies points of the Act that may be subject to diverging interpretation.(9) Uredba, potrjena z Odlokom št. 1558/2001 z dne 3. decembra 2001 (v nadaljevanju "Uredba"), določa pravila za uveljavitev Zakona, dopolnjuje njegove določbe in pojasnjuje točke Zakona, ki so lahko predmet različnih razlag.
(10) Argentine Law covers the protection of personal data recorded in data files, registers, data banks or other technical means, which are public; and the protection of personal data recorded in data files, registers, data banks or other technical means which are private, whose purpose is to provide reports. This includes those which go beyond an exclusively personal use, and those which are intended for the assignment or transfer of personal data, irrespective of whether the circulation of the data or information produced is performed for payment or free of charge.(10) Argentinski zakon zajema varstvo osebnih podatkov, zbranih v zbirkah podatkov, registrih, bankah podatkov ali drugih tehničnih sredstvih, ki so javni; in varstvo osebnih podatkov, zbranih v zbirkah podatkov, registrih, bankah podatkov ali drugih tehničnih sredstvih, ki so zasebni in katerih namen je pripravljanje poročil. To vključuje tista, ki presegajo izključno osebno uporabo, in tista, ki so namenjena prenosu osebnih podatkov, ne glede na to, ali se obtok nastalih podatkov in informacij izvaja za plačilo ali zastonj.
(11) Certain provisions of the Act apply uniformly throughout Argentina. They include general provisions and provisions concerning general data protection principles, rights of the data subjects, obligations of data controllers and users of data files, registers and data banks, criminal sanctions, and the existence and main features of the "habeas data" judicial remedy as established in the Constitution.(11) Nekatere določbe Zakona se uporabljajo enotno v vsej Argentini. Vključujejo splošne določbe in določbe v zvezi s splošnimi načeli varstva podatkov, pravicami posameznikov, na katere se nanašajo osebni podatki, obveznostmi upravljavcev podatkov in uporabnikov zbirk podatkov, registrov in bank podatkov, kazenskimi sankcijami ter obstojem in glavnimi značilnostmi pravnega sredstva "habeas data", kakor je določen v ustavi.
(12) Other provisions of the Act apply to registers, data files, databases or data banks which are interconnected through networks at inter-jurisdictional (meaning "interprovincial"), national or international level, and which are considered as falling within federal jurisdiction. They concern the control exercised by the supervisory authority, sanctions imposed by the supervisory authority, and the rules of procedure concerning the "habeas data" judicial remedy. Other kinds of registers, data files, databases or data banks should be regarded as falling under provincial jurisdiction. The provinces may issue legal provisions on these matters.(12) Druge določbe Zakona se uporabljajo za registre, zbirke podatkov, baze podatkov ali banke podatkov, ki so med seboj povezane prek omrežij na medpristojnostni (to je "medpokrajinski"), nacionalni ali mednarodni ravni, za katere se šteje, da spadajo pod zvezno pristojnost. Nanašajo se na nadzor, ki ga izvaja nadzorni organ, sankcije, ki jih je naložil nadzorni organ, in pravila postopka v zvezi s pravnim sredstvom "habeas data". Za druge registre, zbirke podatkov, baze podatkov ali banke podatkov se šteje, da spadajo pod pokrajinsko pristojnost. Pokrajine lahko izdajo pravne določbe glede teh zadev.
(13) Data protection provisions are also contained in a number of legal instruments regulating different sectors, such as credit card transactions, statistics, banking or health.(13) Določbe o varstvu podatkov so prav tako vsebovane v številnih pravnih instrumentih, ki urejajo različna področja, kot so poslovanje s kreditnimi karticami, statistika, bančništvo ali zdravstvo.
(14) Argentine Law covers all the basic principles necessary for an adequate level of protection for natural persons, even if exceptions and limitations are also provided in order to safeguard important public interests. The application of these standards is guaranteed by a special, simplified and quick judicial remedy for the protection of personal data, known as "habeas data", along with the general judicial remedies. The Act provides for the establishment of a data protection controlling body charged with taking all actions necessary for compliance with the objectives and provisions of the Act and endowed with powers of investigation and intervention. Pursuant to the Regulation, the National Directorate for the Protection of Personal Data was established as the controlling body. Argentine Law provides for effective dissuasive sanctions, of both an administrative and a criminal nature. Furthermore, the provisions of Argentine law regarding civil liability (both contractual and extra-contractual) apply in the event of unlawful processing which is prejudicial to the persons concerned.(14) Argentinski zakon zajema vsa osnovna načela, potrebna za ustrezno raven varstva fizičnih oseb, tudi če so izjeme in omejitve prav tako določene za zaščito pomembnih javnih interesov. Uporaba teh standardov je zagotovljena s posebnim, poenostavljenim in hitrim pravnim sredstvom za varstvo osebnih podatkov, imenovanim "habeas data", skupaj s splošnimi pravnimi sredstvi. Zakon predvideva ustanovitev kontrolnega organa za varstvo podatkov, ki je zadolžen za izvajanje vseh ukrepov, potrebnih za doseganje skladnosti s cilji in določbami Zakona, in pooblaščen za preiskavo in posredovanje. V skladu z Uredbo je bil kot kontrolni organ ustanovljen Nacionalni direktorat za varstvo osebnih podatkov. Argentinski zakon predvideva učinkovite odvračilne sankcije tako upravne kot kazenske narave. Poleg tega se določbe argentinskega zakona o civilnopravni odgovornosti (tako pogodbeni kot izvenpogodbeni) uporabljajo v primeru nezakonite obdelave, ki škodi zadevnim osebam.
(15) The Argentine government has provided explanations and assurances as to how the Argentine law is to be interpreted, and has given assurances that the Argentine data protection rules are implemented in accordance with such interpretation. This Decision is based on these explanations and assurances, and is therefore conditional upon them. In particular, this decision relies on the explanations and assurances given by the Argentine authorities as to how the Argentine law is to be interpreted as regards which situations fall within the scope of the Argentine law in data protection.(15) Argentinska vlada je priskrbela razlage in zagotovila, kako naj se razlaga argentinski zakon, in podala zagotovila, da so argentinska pravila za varstvo podatkov uresničena v skladu s tako razlago. Ta odločba temelji na teh razlagah in zagotovilih in je zato pogojena z njimi. Ta odločba je zlasti odvisna od razlag in zagotovil, ki so jih podali argentinski organi oblasti glede tega, kako naj se razlaga argentinski zakon pri vprašanju, katere situacije sodijo v obseg uporabe argentinskega zakona na področju varstva podatkov.
(16) Argentina should therefore be regarded as providing an adequate level of protection for personal data as referred to in Directive 95/46/EC.(16) Za Argentino se zato šteje, da zagotavlja ustrezno raven varstva osebnih podatkov v smislu Direktive 95/46/ES.
(17) In the interest of transparency and in order to safeguard the ability of the competent authorities in the Member States to ensure the protection of individuals as regards the processing of their personal data, it is necessary to specify the exceptional circumstances in which the suspension of specific data flows may be justified, notwithstanding the finding of adequate protection.(17) Zaradi preglednosti in za zaščito zmožnosti pristojnih organov v državah članicah, da zagotavljajo varstvo posameznikov v zvezi z obdelavo njihovih osebnih podatkov, je treba opredeliti izjemne okoliščine, v katerih se lahko opraviči ustavitev prenosa posebnih podatkov, ne glede na ugotovitve ustreznega varstva.
(18) The Working Party on Protection of Individuals with regard to the processing of Personal Data established under Article 29 of Directive 95/46/EC has delivered an opinion on the level of protection of personal data in Argentina(3), which has been taken into account in the preparation of this Decision.Delovna skupina o varstvu posameznikov pri obdelavi osebnih podatkov, ustanovljena v skladu s členom 29 Direktive 95/46/ES, je podala mnenje o ravni varstva osebnih podatkov v Argentini [3], ki je bilo upoštevano pri pripravi te odločbe.
(19) The measures provided for in this Decision are in accordance with the opinion of the Committee established under Article 31(1) of Directive 95/46/EC,(19) Ukrepi, predvideni v tej odločbi, so v skladu z mnenjem Odbora, ustanovljenim v skladu s členom 31(1) Direktive 95/46/ES –
HAS ADOPTED THIS DECISION:SPREJELA NASLEDNJO ODLOČBO:
Article 1Člen 1
For the purposes of Article 25(2) of Directive 95/46/EC, Argentina is regarded as providing an adequate level of protection for personal data transferred from the Community.Za namene člena 25(2) Direktive 95/46/ES se za Argentino šteje, da zagotavlja ustrezno raven varstva osebnih podatkov, prenesenih iz Skupnosti.
Article 2Člen 2
This Decision concerns only the adequacy of protection provided in Argentina with a view to meeting the requirements of Article 25(1) of Directive 95/46/EC and does not affect other conditions or restrictions implementing other provisions of that Directive that pertain to the processing of personal data within the Member States.Ta odločba se zaradi izpolnjevanja zahtev člena 25(1) Direktive 95/46/ES nanaša samo na ustreznost varstva, ki ga zagotavlja Argentina, in ne vpliva na druge pogoje ali omejitve, ki uresničujejo druge določbe navedene direktive, ki se nanašajo na obdelavo osebnih podatkov v državah članicah.
Article 3Člen 3
1. Without prejudice to their powers to take action to ensure compliance with national provisions adopted pursuant to provisions other than Article 25 of Directive 95/46/EC, the competent authorities in Member States may exercise their existing powers to suspend data flows to a recipient in Argentina in order to protect individuals with regard to the processing of their personal data in cases where:1. Brez vpliva na njihova pooblastila izvajanja ukrepov za zagotovitev skladnosti z nacionalnimi določbami, sprejetimi v skladu z vsemi ostalimi določbami, razen tistimi iz člena 25 Direktive 95/46/ES, lahko pristojni organi v državah članicah izvajajo svoja obstoječa pooblastila za ustavitev prenosa podatkov prejemniku v Argentini z namenom zaščite posameznikov pri obdelavi njihovih podatkov v primerih, kadar:
(a) a competent Argentine authority has determined that the recipient is in breach of the applicable standards of protection; or(a) argentinski pristojni organ ugotovi, da prejemnik krši veljavne standarde zaščite; ali
(b) there is a substantial likelihood that the standards of protection are being infringed; there are reasonable grounds for believing that the competent Argentine authority is not taking or will not take adequate and timely steps to settle the case at issue; the continuing transfer would create an imminent risk of grave harm to data subjects and the competent authorities in the Member State have made reasonable efforts in the circumstances to provide the party responsible for processing established in Argentina with notice and an opportunity to respond.(b) obstaja velika verjetnost, da so kršeni standardi varstva; obstajajo upravičeni razlogi za domnevo, da argentinski pristojni organ ne izvaja ali ne bo izvajal ustreznih in pravočasnih ukrepov za rešitev spornega primera; bi nadaljnji prenos ustvaril neposredno grožnjo hude škode posameznikom, na katere se nanašajo osebni podatki, in so si pristojni organi v državah članicah ustrezno prizadevali v okoliščinah, da bi zagotovili v Argentini ustanovljeni stranki, odgovorni za obdelavo, obvestilo in priložnost za odziv.
The suspension shall cease as soon as the standards of protection are assured and the competent authority concerned in the Community is notified thereof.Ustavitev preneha takoj, ko so zagotovljeni standardi varstva in se o tem obvesti pristojni zadevni organ v Skupnosti.
2. Member States shall inform the Commission without delay when measures are adopted on the basis of paragraph 1.2. Države članice obvestijo Komisijo nemudoma, ko so sprejeti ukrepi na podlagi odstavka 1.
3. The Member States and the Commission shall inform each other of cases where the action of bodies responsible for ensuring compliance with the standards of protection in Argentina fails to secure such compliance.3. Države članice in Komisija se medsebojno obvestijo o primerih, kadar ukrepi organov, odgovornih za zagotavljanje skladnosti s standardi varstva v Argentini, ne zagotavljajo take skladnosti.
4. If the information collected under paragraphs 1, 2 and 3 provides evidence that any body responsible for ensuring compliance with the standards of protection in Argentina is not effectively fulfilling its role, the Commission shall inform the competent Argentine authority and, if necessary, present draft measures in accordance with the procedure referred to in Article 31(2) of Directive 95/46/EC with a view to repealing or suspending this Decision or limiting its scope.4. Če podatki, zbrani v skladu z odstavki 1, 2 in 3, dokazujejo, da kateri koli organ, odgovoren za zagotavljanje skladnosti s standardi varstva v Argentini, ne izpolnjuje učinkovito svoje vloge, Komisija obvesti pristojni argentinski organ in, če je potrebno, predstavi osnutek ukrepov v skladu s postopkom iz člena 31(2) Direktive 95/46/ES z namenom razveljavitve ali odložitve uporabe te odločbe oz. omejitve obsega njene uporabe.
Article 4Člen 4
1. This Decision may be amended at any time in the light of experience with its functioning or of changes in Argentine legislation, its implementation and interpretation.1. Ta odločba se lahko spremeni kadar koli ob upoštevanju izkušenj z njenim delovanjem ali sprememb v argentinski zakonodaji, v njenem izvajanju in razlagi.
The Commission shall monitor the functioning of this Decision and report any pertinent findings to the Committee established under Article 31 of Directive 95/46/EC, including any evidence that could affect the finding in Article 1 of this Decision that protection in Argentina is adequate within the meaning of Article 25 of Directive 95/46/EC and any evidence that this Decision is being implemented in a discriminatory way.Komisija nadzira delovanje te odločbe in poroča o kakršnih koli ustreznih ugotovitvah odboru, ustanovljenemu v skladu s členom 31 Direktive 95/46/ES, vključno o kakršnih koli dokazih, ki bi lahko vplivali na ugotovitev v členu 1 te odločbe, da je varstvo v Argentini ustrezno v okviru pomena člena 25 Direktive 95/46/ES, in kakršnih koli dokazih, da se ta odločba izvaja na diskriminacijski način.
2. The Commission shall, if necessary, present draft measures in accordance with the procedure referred to in Article 31(2) of Directive 95/46/EC.2. Komisija po potrebi predstavi osnutek ukrepov v skladu s postopkom iz člena 31(2) Direktive 95/46/ES.
Article 5Člen 5
Member States shall take all the measures necessary to comply with this Decision at the latest at the end of a period of 120 days from the date of its notification to the Member States.Države članice sprejmejo vse ukrepe, potrebne za uskladitev s to odločbo, najkasneje po izteku obdobja 120 dni od datuma notifikacije te odločbe državam članicam.
Article 6Člen 6
This Decision is addressed to the Member States.Ta odločba je naslovljena na države članice.
Done at Brussels, 30 June 2003.V Bruslju, 30. junija 2003
For the CommissionZa Komisijo
Frederik BolkesteinFrederik Bolkestein
Member of the CommissionČlan Komisije
(1) OJ L 281, 23.11.1995, p. 31.[1] UL L 281, 23.11.1995, str. 31.
(2) Opinion 12/98, adopted by the Working Party on 24 July 1998: Transfers of personal data to third countries: applying Articles 25 and 26 of the EU Data Protection Directive (DG MARKT D/5025/98), available on Europa, the website hosted by the European Commission:[2] Mnenje 12/98, ki ga je sprejela delovna skupina 24. julija 1998: Prenosi podatkov tretjim državam: za uporabo členov 25 in 26 Direktive o varstvu podatkov Evropske unije (DG MARKT D/5025/98), dostopno na Europi, spletni strani, ki jo gosti Evropska Komisija:
http://europa.eu.int/comm/ internal_market/en/dataprot/wpdocs/ wpdocs_98.htm.- http://europa.eu.int/comm/internal_market/en/dataprot/wpdocs/wpdocs_98.htm.
(3) Opinion 4/2002 on the level of protection of personal data in Argentina - WP 63 of 3 October 2002 available at[3] Mnenje 4/2002 o ravni varstva osebnih podatkov v Argentini – WP 63 z dne 3. oktobra 2002, dostopno na
http://europa.eu.int/comm/ internal_market/en/dataprot/wpdocs/ index.htm.- http://europa.eu.int/comm/internal_market/en/dataprot/wpdocs/index.htm.
 --------------------------------------------------