Want to stay current on e–commerce law? Sign up for Email Newsletter.
European Commission Approves New Set of Standard Contractual Clauses for the Transfer of Personal Data
The European Commission has approved a new set of standard contractual clauses making it easier for organizations to transfer personal data to countries outside the European Union. These standard contractual clauses do not replace but work together with the set of clauses adopted in 2001, allowing an organization to choose which of the two sets of standard contractual clauses works best for them. The clauses reflect provisions in the 1995 Data Protection Directive which require EU member states to transfer data only to non-member states that have an 'adequate level of protection' for such data. The 2001 and 2004 standard clauses provide a similar level of protection and the differences between them are mainly technical in nature.
Organizations in countries recognized by the Commission as providing an adequate level of protection of data, such as Switzerland, Canada, or Argentina are not subject to the standard clauses. The U.S. based 'Safe-Harbor' organizations are also not required to adopt the standard contractual clauses. For other countries that have not been recognized by the Commission as having an adequate level of protection, the transfer of data is still possible in circumstances listed in Article 26(1) where, among other things, the person has given his or her unambiguous consent to the proposed transfer. Although the Commission will review the new set of clauses in 2008, until that time, interested parties such as those in particular sectors may submit other sets of clauses for review by the Commission as long as they further the Commissions' data protection objectives and promote the simplification of the conditions of international data transfer.
For more information, visit:
http://www.europa.eu.int/rapid/pressReleasesAction.do?reference=IP/05/12&format=HTM