The EU's Data Protection Directive provides that the transfer of personal data to a non-EU country may take place only if that country ensures an adequate level of protection. This can be an administrative barrier for many businesses with offices outside the EU which cannot share, for example, customer databases unless special agreements are entered into.
The Commission based its formal Decision on Canada's information protection legislation of 2000. The Decision was made on 20th December and published yesterday.