European Union approves clauses for international data transfers
On 27 December 2004, the European Commission approved the standard contractual clauses for data transfers proposed by seven international business associations as offering an “adequate level of data protection” under the EU’s strict data protection laws.
Companies can now use the clauses to provide a legal basis for transfers to data controllers outside of Europe as from 1 April 2005.
The business associations supporting the clauses are the American Chamber of Commerce to the European Union in Brussels (AmCham EU); Confederation of British Industry (CBI); European Information, Communications and Consumer Electronics Technology Industry Associations (EICTA); Federation of European Direct and Interactive Marketing (FEDMA); International Chamber of Commerce (ICC); International Communication Round Table (ICRT); and the Japan Business Council in Europe (JBCE).
Approval of the business associations’ clauses came after four years of negotiation. It marks the first time the Commission has officially approved a mechanism for data transfers proposed by the private sector, and gives international business an additional tool to transfer personal data outside of Europe. The EC’s approval hopefully marks a milestone toward recognition by the EU of additional global data transfer solutions that the seven international business associations have been supporting, such as binding corporate rules.
According to Christopher Kuner, Chairman of ICC’s Task Force on Privacy and the Protection of Personal Data, who led the negotiations with the EU, these clauses provide a number of advantages for companies over the Commission’s previous clauses. “Our clauses offer the same level of data protection as the Commission’s clauses”, explained Mr Kuner, “but use more flexible mechanisms that are more in line with business realities”. For instance, the clauses do not require the data exporter and data importer to be liable for each other’s misuse of the data, as the Commission’s previous clauses had done, and contain auditing provisions that are more flexible and realistic.
Marisa Jimenez of FEDMA’s Legal Affairs Committee added: “The adoption of the model contract clauses is a good example of how industry and the legislator can successfully work together.”
Pascale Gelly, who was an active participant on behalf of AmCham EU, underlined that “these clauses are beneficial to individuals as more data transfers will be operated under an adequate level of protection.”