Privacy & Cybersecurity Law Blog

On July, 19, 2012, the Article 29 Working Party (the “Working Party”) issued an Opinion finding that the Principality of Monaco ensures an “adequate level of protection” for personal data within the meaning of the European Data Protection Directive (Article 25 of Directive 95/46/EC) (the “Directive”). Under the Directive, strict conditions apply to personal data transfers to countries outside the European Economic Area that are not considered to provide an “adequate” level of data protection.

In order to assess whether the Principality of Monaco guarantees an adequate level of protection, the Working Party focused on Monaco’s 1993 Act on the protection of personal data (as amended in 2009). The Working Party’s favorable findings are based primarily on a review of this Act with respect to relevant provisions in the Directive, such as the data collection transparency requirement and the right of access for data subjects.

This Opinion paves the way for a final adequacy ruling by the European Commission down the road. For example, after the Working Party issued a favorable opinion regarding the adequacy of Uruguay’s data protection regime in October 2010, the European Commission formally approved Uruguay’s status as a country providing adequate protection on August 21, 2012.

To date, the European Commission has recognized only a limited number of jurisdictions (Andorra, Argentina, Canada, Faeroe Islands, Guernsey, the Isle of Man, Israel, Jersey, Switzerland, Uruguay and the U.S. Department of Commerce Safe Harbor Privacy Principles) as providing an adequate level of data protection.