The FADP regulates the transborder transfer of data in those cases when there is a need for the protection of privacy. Transfers may be prohibited if, for example, the recipient's country cannot provide an adequate level of data protection. Both, private individuals and federal bodies who may be involved in cross-border data disclosure, are subject to the duty of due care. The transfer of data files abroad has to be notified in case of a lack of adequate protection. In the absence of such protection, data may only be disclosed abroad if other safeguards, in particular contractual clauses or rules within the same legal person, guarantee protection. The FDPIC must be informed of such clauses and rules. Furthermore, the consent of the person concerned, the impending conclusion or performance of a contract of which the person concerned is party, or the protection of the data subject or any overriding public interests can justify the disclosure of personal data abroad (cf. Art. 6 FADP).