ICC submits model clauses to EC for international data transfers
In a move to standardize and speed up transfers of international data worldwide, the International Chamber of Commerce submitted today to the European Commission (EC) a proposal covering flows of personal data from data controllers to data processors.
This follows approval by the EC in 2005 of an earlier draft by ICC of standard clauses for international transfers from data controllers to other data controllers. The clauses were submitted jointly by ICC, the American Chamber of Commerce to the European Union (AmCham EU), the Federation of European Direct Marketing (FEDMA), and the Japan Business Council in Europe (JBCE). The clauses will be made publicly available on the opening day of a conference on international data transfers on 23 October in Brussels which is jointly organized by the EC and the US government.
Since the EC published its set of controller to processor clauses in 2001, the business community has recognized the need for a more pragmatic set of clauses that takes into account the rapidly-evolving climate for data processing. As global sourcing progresses and more and more businesses transfer data processing to companies that process data subject to an agreement with and under the control of the original data controller, the need for more pragmatic clauses has increased. The new draft highlights a number of issues that urgently need to be addressed but are lacking in the EC’s original set of clauses, such as provisions dealing with a data transfer from one data processor to another data processor.
The proposal is designed to prompt EU lawmakers into making significant strides in providing a legal framework that addresses the practical realities of global businesses when processing data. The draft clauses represent the latest attempt to design data protection measures that safeguard personal data while meeting the day-to-day realities of business operations, based on practical business experience and aimed at closer cooperation between business and government authorities.
This is an urgent issue for global businesses, which are increasingly faced with a tangled maze of requirements in managing their employee and customer data worldwide. What’s more, globalization and a networked society have rendered national borders irrelevant for companies doing business across borders where employees are now part of a worldwide organizational matrix.