(1)
Pursuant to Directive 95/46/EC, Member States are required to provide that the transfer of personal data to a third country may take place only if the third country in question ensures an adequate level of protection and if the Member States' laws implementing other provisions of the Directive are complied with prior to the transfer.
(2)
The Commission may find that a third country ensures an adequate level of protection. In that case, personal data may be transferred from the Member States without additional guarantees being necessary.
(6)
The Home Rule Act of the Faeroe Islands divides all policy areas into two main groups, whereby Special Faeroese Affairs are the responsibility of the Faeroese Government’s administration and legislation and Joint Concerns are the responsibility of the Kingdom of Denmark. This Decision only covers transfer of personal data from the Community to recipients in the Faeroe Islands who are subject to the Act on Processing of Personal Data (3) (‘the Faeroese Act’). The Faeroese Act does not apply to the processing of personal data in the course of an activity carried out by authorities of the Kingdom of Denmark, namely, the High Commissioner of the Faeroe Islands (Rigsombudsmanden), the Court of the Faeroe Islands (Sorenskriveren), the Commissioner of the Faeroe Islands (Politimesteren på Færøerne), the Prison and Probation Service of the Faeroe Islands (Kriminalforsorgens afdeling), the Island Command Faeroes (Færøernes Kommando) and the Chief Medical Officer of the Faeroe Islands (Landslægen).
(7)
The Faeroese Act is based on the standards set out in Directive 95/46/EC and accordingly it covers all the basic principles necessary for an adequate level of protection of the right of natural persons to privacy with respect to the processing of personal data. The application of these standards is guaranteed by judicial remedy and by independent supervision carried out by the supervisory authority, the Data Protection Commissioner, who is invested with powers of investigation and intervention.
(8)
In the interest of transparency and in order to safeguard the ability of the competent authorities in the Member States to ensure the protection of individuals as regards the processing of their personal data, it is necessary to specify the exceptional circumstances in which the suspension of specific data flows may be justified, notwithstanding the finding of adequate protection.
For the purposes of Article 25(2) of Directive 95/46/EC, the Faeroe Islands are considered as providing an adequate level of protection for personal data transferred from the European Union to recipients subject to the Act on Processing of Personal Data (‘the Faeroese Act’).
This Decision concerns only the adequacy of protection provided in the Faeroe Islands by the Faeroese Act with a view to meeting the requirements of Article 25(1) of Directive 95/46/EC and does not affect other conditions or restrictions implementing other provisions of that Directive that pertain to the processing of personal data within the Member States.
1. Without prejudice to their powers to take action to ensure compliance with national provisions adopted pursuant to provisions other than Article 25 of Directive 95/46/EC, the competent authorities in Member States may exercise their existing powers to suspend data flows to a recipient in the Faeroe Islands whose activities fall within the scope of the Faeroese Act in order to protect individuals with regard to the processing of their personal data in the following cases: