Je veux savoir à propos de…

C 253/2

EN

Official Journal of the European Union
18.7.2023

EUROPEAN DATA PROTECTION SUPERVISOR
Summary of the Opinion of the European Data Protection Supervisor on the Recommendation for a Council Decision authorising the opening of negotiations for digital trade disciplines with the Republic of Korea and with Singapore 2023/C 253/02
The full text of this Opinion can be found in English, French and German on the EDPS website https edps.europa.eu
On 14 April 2023, the European Commission issued a Recommendation for a Council Decision authorising the opening of negotiations for digital trade disciplines with the Republic of Korea and with Singapore
The objective of this recommendation is to authorise the Commission to open negotiations with the Republic of Korea and with Singapore to establish binding disciplines on trade in goods and services enabled by electronic means. These negotiations may cover cross-border data flows with trust, data localisation requirements and personal data protection.

The EDPS recalls that, as the protection of personal data is a fundamental right in the Union, it cannot be subject to negotiations in the context of EU trade agreements. Dialogues on data protection and trade negotiations with third countries can complement each other but must follow separate tracks. Personal data flows between the EU and third countries should be enabled by using the mechanisms provided under the EU data protection legislation. The EDPS recalls that in 2018, the Commission endorsed horizontal provisions for cross-border data flows and personal data protection in trade negotiations. The EDPS considers that these provisions reach a balanced compromise between public and private interests as they allow the EU to tackle protectionist practices in third countries in relation to digital trade, while ensuring that trade agreements cannot be used to challenge the high level of protection guaranteed by the Charter of fundamental rights of the EU and the EU legislation on the protection of personal data. The EDPS understands from the recommendation that the negotiations on data flows and data protection should be opened with a view to agree on provisions that are coherent with these horizontal provisions. For the sake of clarity, the EDPS recommends to make an express reference to these horizontal provisions.

In addition, as regards more specifically the Republic of Korea, the EDPS notes that this country has already been granted an adequacy finding by the Commission in 2021. Consequently, transfers of personal data from a controller or a processor in the European Economic Area EEA to organisations in the Republic of Korea covered by the adequacy decision may take place without the need to obtain any further authorisation. Therefore, the EDPS recommends to further explain why, despite the adequacy decision, further negotiations on cross-border data flows and data protection are considered to be necessary in the case of the Republic of Korea.

Furthermore, the EDPS understands the negotiating directives and the horizontal provisions as allowing, in duly justified cases, measures that would require controllers or processors to store personal data in the EU/EEA. The EDPS recalls that, together with the EDPB, he recently recommended that controllers and processors, established in the EU/EEA and processing personal electronic health data within the scope of the Commissions proposal for a Regulation on the European Health Data Space, should be required to store this data in the EU/EEA, without prejudice to the possibility to transfer personal electronic health data in compliance with Chapter V GDPR. For the avoidance of doubt, the EDPS
recommends to expressly clarify in the negotiating directives that the negotiated rules should not prevent the EU or the Member States from adopting, in duly justified cases, measures that would require controllers or processors to store personal data in the EU/EEA.