(1)
Pursuant to Directive 95/46/EC Member States are required to provide that the transfer of personal data to a third country may take place only if the third country in question ensures an adequate level of protection and if the Member States' laws implementing other provisions of the Directive are complied with prior to the transfer.
(3)
Pursuant to Directive 95/46/EC the level of data protection should be assessed in the light of all the circumstances surrounding a data transfer operation or a set of data transfer operations, and giving particular consideration to a number of elements relevant for the transfer and listed in Article 25(2) thereof.
(4)
Given the different approaches to data protection in third countries, the adequacy assessment should be carried out, and any decision based on Article 25(6) of Directive 95/46/EC should be made and enforced in a way that does not arbitrarily or unjustifiably discriminate against or between third countries where like conditions prevail, nor constitute a disguised barrier to trade, regard being had to the Community's present international commitments.
(5)
The Isle of Man is one of the dependencies of the British Crown (being neither part of the United Kingdom nor a colony) that enjoys full independence, except for international relations and defense which are the responsibility of the United Kingdom Government The Isle of Man should therefore be considered as a third country within the meaning of the Directive.
(7)
As regards the Isle of Man, the legal standards on the protection of personal data based on the standards set out in Directive 95/46/EC have been provided for in the Data Protection Act 2002 (”the Act”), which entered into force on 1 April 2003. This Act repeals and replaces the Data Protection Act 1986 (”the 1986 Act”).
(10)
The Isle of Man should therefore be regarded as providing an adequate level of protection for personal data as referred to in Directive 95/46/EC.
(12)
The measures provided for in this Decision are in accordance with the opinion of the Committee established under Article 31(1) of Directive 95/46/EC,
HAS ADOPTED THIS DECISION:
For the purposes of Article 25(2) of Directive 95/46/EC, the Isle of Man is considered as providing an adequate level of protection for personal data transferred from the Community.
This Decision concerns the adequacy of protection provided in the Isle of Man with a view to meeting the requirements of Article 25(1) of Directive 95/46/EC and does not affect other conditions or restrictions implementing other provisions of that Directive that pertain to the processing of personal data within the Member States.
1. Without prejudice to their powers to take action to ensure compliance with national provisions adopted pursuant to provisions other than Article 25 of Directive 95/46/EC, the competent authorities in Member States may exercise their existing powers to suspend data flows to a recipient in the Isle of Man in order to protect individuals with regard to the processing of their personal data in the following cases:
3. If the information collected under Article 3 and under paragraphs 1 and 2 of this Article provides evidence that any body responsible for ensuring compliance with the standards of protection in the Isle of Man is not effectively fulfilling its role, the Commission shall inform the competent Isle of Man authority and, if necessary, present draft measures in accordance with the procedure referred to in Article 31 (2) of Directive 95/46/EC with a view to repealing or suspending this Decision or limiting its scope.
The Commission shall monitor the functioning of this Decision and report any pertinent findings to the Committee established under Article 31 of Directive 95/46/EC, including any evidence that could affect the finding in Article 1 of this Decision that protection in the Isle of Man is adequate within the meaning of Article 25 of Directive 95/46/EC and any evidence that this Decision is being implemented in a discriminatory way.