Page 1

Page 2

CONNECTION No.1
LIST OF COUNTRIES WITH SUFFICIENT LEVEL OF PROTECTION
PERSONAL DATA
- In accordance with point 1 (a) are listed " Member States of the European Union 1 "
• Austria

• The Netherlands

• Belgium

• Poland

• Bulgarian

• Portugal

• Cyprus

• Romania

• Czech Republic

• Slovakia

• Denmark

• Slovenia

• Estonia

• Spain

• Finland

• Sweden

• France

• Great Britain

• Germany

• Croatia

• Greece

• Malta

• Hungary

• Latvia

• Ireland

• Lithuania

• Italy

• Luxembourg

- In accordance with point 1 (b) are listed, “Member States of the Economic Zone
European 2 ”
• Iceland
• Liechtenstein
• Norway
• Switzerland
- In accordance with point 1 (c) are listed , “States Parties to Convention no. 108 of the Council of
Europe “On the Protection of Individuals with regard to Automatic Data Processing
member states of the European Union are also parties to Convention no. 108 of the Council of Europe “On the Protection of Individuals with regard to
automatic processing of personal data ”, as well as its Additional Protocol of 1981.
2 The member states of the European Economic Area are also parties to Convention no. 108 of the Council of Europe “On the Protection of Individuals in
1 The

regarding the automatic processing of personal data ”, as well as its Additional Protocol of 1981.

Page 3

personal ”, as well as its Additional Protocol of 1981, which have adopted a law of
special and have set up a supervisory authority exercising its function in complete independence, by
provide appropriate legal mechanisms, including handling complaints, drafting and guaranteeing
transparency of personal data processing.
• Albania
• Georgia
• Bosnia and Herzegovina
• Republic of Macedonia
• Montenegro
• Moldova
• Principality of Monaco
• Serbia
- In accordance with point 1 (ç) are listed, “States to which they can be transferred to
personal data according to a decision of the European Commission "
1. Andora
Commission Decision no. 2010/625, dated 19 October 2010, pursuant to the Directive
95/46 / EC of the European Parliament and of the Council “On the adequate protection of
personal data in Andorra ”(notified under document C (2010/7084)
(Opinion 7/2009 of the Article 29 Working Group, “On the level of protection of
personal data in the Principality of Andorra ”).
2. Argentina
Commission Decision C (2003/1731) of 30 June 2003-OJL
168.05.07.2003.
(Opinion 4/2002 of the Article 29 Working Group “On the level of protection of
personal data in Argentina ”, document no. 63).
3. Canada
Commission Decision 2002/2 / EC of 20.12.2001 “On the protection of
sufficient personal data under the Canadian Protection Act
Personal Information and Electronic Documents ”- OJL 2/13 dated
04.01.2002
(Opinion 2/2001 of the Article 29 Working Group “On the adequate protection of
data from the Canadian Personal Information Protection and Documents
Electronics ”, document no. 39).
4. Guernsey
Commission Decision dated 21 November 2003 “On the adequate protection of
personal data in Guernsey ”.
Opinion 5/2003 of the Article 29 Working Group “On the level of protection of
Guernsey data ”, document no. 79).

Page 4

5. Isle of Man
Commission Decision 2004/411 / EC dated 28.4.2004 “On the protection of
sufficient personal data on the Isle of Man ”.
(Opinion 6/2003 of the Article 29 Working Group “On the level of protection of
personal data in the Isle of Man ”, document no. 82).

6. Jersey
Commission Decision of 8 May 2008 pursuant to Directive 95/46 / EC of
European Parliament and the Council “On a sufficient level of protection
of personal data in Jersey ”(notified under document number
C (2008/1746)
- OJ L 138, 28.05.2008)
(Opinion 8/2007 of the Article 29 Working Group, “On the level of protection of
personal data in Jersey ”, document no. 141).
7. Switzerland (also as a member of the EEA)
Commission Decision of 26 July 2000 under Directive 95/46 / EC of
European Parliament and of the Council “On a sufficient level of protection
of personal data in Switzerland ”.
(Opinion 5/1999 of the Working Group of Article 29 “On the level of protection of
personal data in Switzerland ”, document no. 22).
8. Faroe Islands
Commission Decision of 5 March 2010 pursuant to Directive 95/46 / EC of
European Parliament and of the Council “On a sufficient level of
protection of personal data provided for in the Faroe Islands Act
processing of personal data ”, document C 2010/1130 of the Working Group of
Article 29).
9. Israel
Commission Decision 2011/61 / EU of 31 January 2011 under the Directive
95/46 / EC of the European Parliament and of the Council “On a sufficient level of
protection of personal data by the State of Israel in connection with the processing
automatic personal data ”.
(Opinion 6/2009 of the Working Group on Article 29 “On the sufficient level of
personal data protection in Israel ”, document no. 166).
10. New Zealand
Commission Decision 2013/65 EU of 19 December 2012, pursuant to the Directive
95/46 / EC of the European Parliament and of the Council “On the adequate protection of
personal data from New Zealand ”(notified under document C (2012/9557)
(Opinion 11/2011 of the Working Group of Article 29 “On the level of protection of
personal data in New Zealand ”).

Page 5

11. United States - European Union "Privacy Shield"
The European Commission on 12 July 2016 adopted an Eligibility Decision
of the Privacy Shield between the EU and the US.
On 2 February 2016, the European Commission and the United States agreed on
a new framework for transatlantic transfer data: EU-US “Privacy
Shield ”. On 29 February 2016, the Commission published a draft decision of
adequacy and relevant commitments by US authorities. Committee forward
final decision was also consulted with the Working Group Article 29).
(Opinion 01/2016 of the Article 29 Working Group on Privacy Shield, between the EU
USA)
On 6 October 2015, the EU Court of Justice by Commission Decision no. 2000
has declared Safe Harbor invalid. On 6 November 2015, the Commission
The European Union adopted a communiqué on the transfer of personal data from the EU
in the United States under Directive 95/46 / EC following the judgment of
Court of Justice in Case C-362/14 (Schrems). The goal was to offer
an overview of alternative means of transatlantic data transfer to
lack of a final decision.
12. Uruguay
Commission Decision C (2012) 5704 dated 21.08.2012 according to the Directive
95/46 / EC of the European Parliament and of the Council on the adequate protection of
personal data from the Republic of Uruguay in connection with the processing
automatic personal data.
(Opinion 6/2010 of the Article 29 Working Group “On the level of data protection
in the Republic of Uruguay ”).

