European Union (Enforcement of data subjects’ rights on transfer of personal data outside the European Union) Regulations S.I. No. 297/2021


BAILII is celebrating 24 years of free online access to the law! Would you consider making a contribution?

No donation is too small. If every visitor before 31 December gives just £1, it will have a significant impact on BAILII's ability to continue providing free access to the law.
Thank you very much for your support!



BAILII [Home] [Databases] [World Law] [Multidatabase Search] [Help] [Feedback]

Irish Statutory Instruments


You are here: BAILII >> Databases >> Irish Statutory Instruments >> European Union (Enforcement of data subjects’ rights on transfer of personal data outside the European Union) Regulations S.I. No. 297/2021
URL: http://www.bailii.org/ie/legis/num_reg/2021/0297.html

[New search] [Help]


S.I. No. 297/2021 - European Union (Enforcement of data subjects’ rights on transfer of personal data outside the European Union) Regulations 2021


Notice of the making of this Statutory Instrument was published in

“Iris Oifigiúil” of 29th June, 2021.

I, HEATHER HUMPHREYS, Minister for Justice, in exercise of the powers conferred on me by section 3 of the European Communities Act 1972 (No. 27 of 1972), and for the purpose of giving further effect to Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 20161 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC (General Data Protection Regulation), hereby make the following regulations:

1. These Regulations may be cited as the European Union (Enforcement of data subjects’ rights on transfer of personal data outside the European Union) Regulations 2021.

2. The Data Protection Act 2018 (No. 7 of 2018) is amended by the insertion of the following section after section 117:

Judicial remedy for infringement of certain appropriate safeguards on transfers of personal data outside European Union

117A. (1) This section applies to a transfer of personal data by a controller or processor to a third country or an international organisation pursuant to Article 46 where the transfer is subject to appropriate safeguards provided for in the rules or clauses (in this section referred to as “relevant instruments”) set out in subsection (5).

(2) Without prejudice to any other remedy available to him or her, including his or her right to bring an action under section 117 or to lodge a complaint, a data subject whose personal data is included in a transfer referred to in subsection (1) may, where the transfer is subject to appropriate safeguards set out in a relevant instrument, enforce-

(a) any rights (whether described as third party beneficiary rights or otherwise) conferred on data subjects by, or any clauses or rules expressed to be for the benefit of data subjects in, the instrument concerned, and

(b) where that transfer is subject to any additional safeguards conferring rights on data subjects, those rights.

(3) An action to enforce any rights conferred on data subjects or any clauses or rules expressed to be for the benefit of data subjects referred to in subsection (2) shall be deemed to be an action founded on contract.

(4) Subsections (3) to (10) of section 117 shall apply to an action taken by a data subject under this section subject to the following modifications:

(a) a reference in those subsections to a data protection action shall be taken to be a reference to an action under this section,

(b) the reference in subsection (5) to the limit of that court’s jurisdiction in tort shall be taken to be a reference to the limit of that court’s jurisdiction in contract, and

(c) the reference in subsections (4)(b) and (8)(b) to compensation for damage suffered by the plaintiff as a result of the infringement of a relevant enactment shall be taken to be a reference to compensation for damage suffered by the plaintiff as a result of the infringement of the relevant instrument.

(5) The relevant instruments are:

(a) binding corporate rules approved in accordance with Article 47;

(b) standard data protection clauses adopted by the Commission in accordance with the examination procedure referred to in Article 93(2);

(c) standard data protection clauses adopted by a supervisory authority and approved by the Commission pursuant to the examination procedure referred to in Article 93(2);

(d) contractual clauses authorised by a supervisory authority pursuant to Article 46(3)(a);

(e) standard contractual clauses which are the subject of a decision adopted by the Commission in accordance with Article 26(4) of Directive 95/46/EC of the European Parliament and of the Council of 24 October 19952 on the protection of individuals with regard to the processing of personal data and on the free movement of such data.”.

http://www.irishstatutebook.ie/images/ls

GIVEN under my Official Seal,

24 June, 2021.

HEATHER HUMPHREYS,

Minister for Justice.

EXPLANATORY NOTE

(This is not part of the Statutory Instrument and does not purport to be a legal interpretation.)

This Order amends the Data Protection Act 2018 by providing for an express right on the part of individuals to enforce third party beneficiary rights conferred on data subjects under binding corporate rules and under standard data protection clauses adopted by the Commission or by a Supervisory Authority and approved by the Commission. The amendment to the Data Protection Act also provides for the enforcement of standard contractual clauses previously brought forward by the Commission under Directive 95/46/EC, as well as the enforcement of contractual clauses authorised by a supervisory authority pursuant to Article 46(3)(a) of the General Data Protection Regulation

1 O.J. No. L 119, 4.5.16, p. 1

2 O.J. No. L281, 23.11.1995, p.31


BAILII: Copyright Policy | Disclaimers | Privacy Policy | Feedback | Donate to BAILII
URL: http://www.bailii.org/ie/legis/num_reg/2021/0297.html