The European Commission has formally approved Uruguay as a country providing “adequate” data protection for personal data. Transfers of personal data from organisations within the European Economic Area (EEA) to Uruguay can now take place without the requirement for additional safeguards where transfers are made out of the EEA.
In addition, the Article 29 Working Party, which is made up of representatives from the data protection regulators throughout the European Union, has issued an opinion that states that the Principality of Monaco also ensures an “adequate” level of data protection for personal data. The European Commission may now decide to formally approve Monaco’s “adequate” status for transfers of personal data.
Under the Data Protection Directive, transfers of personal data to countries outside of the EEA can only take place if the relevant country is considered to have “adequate” data protection laws in place or if certain other conditions are fulfilled, such as consent of the data subject or having an appropriate agreement between the two parties to the data transfer to certify that the transfer will be undertaken in accordance with European Union law.