The EU Article 29 Working Party (WP29) adopted – on 19 July 2012 – Opinion No. 07/2012 which considers that the data protection regime of the Principality of Monaco guarantees an adequate level of protection. Approval by the WP29 precedes a final adequacy ruling by the European Commission, which would allow data to flow from EU Member States to Monaco without any further safeguard being necessary.
Peter Brudenall, Partner at Lawrence Graham LLP, told DataGuidance: "This is clearly a very positive result for the Principality of Monaco. The legislation in Monaco has historically been very close to the French data protection laws, and this Opinion confirms that the laws are generally in line with the EU Directive. Article 20 of the Monaco Constitution also confirms the protection of privacy and the Principality has also ratified the relevant international conventions relating to privacy and the protection of personal data".
© 2013 Cecile Park Publishing Ltd. All rights reserved
While the WP29 considered the data protection regime adequate, it also gave recommendations on what elements in Act n° 1.165 on the protection of personal data of 23 December 1993 (amended in 2008 and 2009) require improvement. It noted the absence of definitions of 'processor' and 'data subject consent', which can be deduced from articles in the Act, but ought to be defined 'in order to avoid interpretations that can be harmful to personal data protection'. Although not an explicit requirement, the WP29 also recommended that the Monacan legislator consider implementing a requirement to appoint a data privacy officer in the future.
Brudenall said: "Assuming there is a final adequacy ruling by the EU Commission, it is bound to give businesses based in Monaco, particularly those in the financial sector doing business with and across Europe, a significant boost as transfers of personal data become easier. A final ruling could, however, take another 18 months to 2 years".