Article 2 Transferts de données à caractère personnel

This article addresses a specific data protection requirement that sits alongside the cooperation arrangements established under Article 107(1) of Regulation (EU) 2023/1114 (MiCAR).

Where personal data is being transferred to supervisory authorities in third countries, and competent authorities rely on an administrative arrangement under GDPR (Article 46(3)(b) of Regulation (EU) 2016/679) to do so, that arrangement must be attached to the relevant cooperation arrangement.

In essence, it ensures that the legal basis for cross-border personal data transfers is formally documented and linked to the broader supervisory cooperation framework.

Important points:

• Competent authorities are required to annex any GDPR-based administrative arrangement for personal data transfers to the cooperation arrangement made under Article 107(1) of MiCAR.
• This obligation is triggered specifically when personal data is transferred to supervisory authorities in third countries.
• The article connects two distinct regulatory frameworks — MiCAR and GDPR — ensuring data transfer safeguards are formally recorded within supervisory cooperation arrangements.