The European Commission has decided that the data protection laws of Canada give adequate protection for personal data transferred from the EU. Canada joins Switzerland and Hungary as the only non-EU countries to which EU businesses can currently transfer personal data without the need for additional guarantees which are necessary in transfers to other countries.

The EU's Data Protection Directive provides that the transfer of personal data to a non-EU country may take place only if that country ensures an adequate level of protection. This can be an administrative barrier for many businesses with offices outside the EU which cannot share, for example, customer databases unless special agreements are entered into.

The Commission based its formal Decision on Canada's information protection legislation of 2000. The Decision was made on 20th December and published yesterday.