Basis for PII transfer between jurisdictions
The organization should inform the customer in a timely manner of the basis for PII transfers between jurisdictions and of any intended changes in this...
...
- Licensed content not shown - LGPD (BRA)
Art.9: The data subject has the right to easily
access information regarding the processing of data,
which must be made available in a clear, adequate,
and ostensive manner, among other characteristics
outlined in regulations to comply with the principle of
free access:
I – Specific purpose of processing;
II – Form and duration of processing, respecting
commercial and industrial secrecy;
III – Identification of the controller;
IV – The controller’s contact information;
V – Information regarding the shared use of data by
the controller and the purpose of the sharing;
VI – Liabilities of the processing agents; and
VII – The data subject’s rights with explicit mention
of the rights contemplated in Article 18 of this Law. § 1 If consent is requested, such consent will be
considered void in case the information provided to
the data subject have misleading or abusive content or
were not previously presented in a transparent, clear,
and unambiguous manner.
§ 2 If consent is requested, if there is a change in the
purpose of the processing of personal data that is not
compatible with the original consent, the controller
must inform the data subjects beforehand, who may
revoke the consent, if they disagree with the changes.
§ 3 When the processing of personal data is a
condition for the provision of a good or service or the
exercise of a right, the data subjects will be informed in
a highlighted manner regarding this fact and the means
through which they may exercise the rights identified in
Article 18 of this Law. Art.33: The international transfer of personal data
will only be permitted in the following cases:
I – To countries or international organizations that
offer a level of protection of personal data that is
adequate to the protection provided in this Law;
II – When the controller offers and proves
guarantees of compliance with the principles, the
rights of the data subject, and the data protection
regime outlined in this Law, in the form of:
a) Specific contractual clauses for a particular
transfer;
b) Standard contractual clauses;
c) Binding corporate rules;
d) Certificates, and codes of conduct regularly
issued; III – When necessary for international legal
cooperation between government intelligence,
investigation, and prosecution bodies, according to
instruments of international law;
IV – When necessary for the protection of life or the
physical safety of the data subject or third party;
V – When authorized by the National Data
Protection Authority;
VI – When resulting from a commitment made in an
international cooperation agreement;
VII – When necessary for the execution of a public
policy or the fulfillment of a government legal duty,
being publicly disclosed under the terms of item I of
the head provision of Article 23 of this Law;
VIII – When the data subject has provided specific
and highlighted consent for the transfer, with prior
information on the international character of the
operation, clearly distinguishing this from the other
purposes; or
IX – When necessary to answer to scenarios
outlined in items II, V, and VI Article 7 of this Law.
Sole Paragraph. For the purposes of item I of this
Article, public legal entities referred to in the sole
paragraph of Article 1 of Law. 12,527, dated of
November 18, 2011 (Information Access Law), within
the scope of their legal powers, and responsible
individuals, within the scope of their activities, may
request from the National Data Protection Authority an
evaluation of the level of protection of personal data
provided by a country or international organization. Personal Data Protection Act - Singapore
Personal Information Protection Act - South Korea
Turkish Data Protection Law numbered 6698