Share This Article
The European Commission has adopted a new set of standard contractual clauses for transfers of personal data from data controllers in the European Union to data processors located outside the European Union.
Under European data protection laws, transfer of personal data to a third country that does not ensure (according to the European Commission) an adequate level of protection to the personal data (which for instance include the United States) cannot take place unless one of the exemptions prescribed by the Directice 95/46/EC applies. One of these exemptions is the implementation by the data controller of adequate safaguard to the processing of personal data through contractual clauses. Indeed, if the transfer of data outside the EU is regulated through the abovementioned standard contractual clause, the data exporter does not need for instance to require the consent from the individual/company whose data are transferred to transfer.
The main peculiarity of this new set of contractual clauses which amend those issued in 2001 is that for the first time data processors located outside the EU can in turn outsource the processing activity to other data processors. This is a relevant circumstance for companies that for instance instruct IT services providers to store the huge amount of data collected because under the old regime the appointed data processor could not instruct any third party to process the collected data.
If you want to discuss on the possibility for your company to implement the new set of standard contractual clauses, feel free to contact me, Giulio Coraggio.
(Visited 1 times, 1 visits today)
