In 1998, the European Union (EU) put into effect a directive that prohibitedthe transfer of personal data to nations outside of the 15-member EU, unless thenation to which the data was transferred "ensures an adequate level ofprotection." The directive does not specify what measures are"adequate," but provides only general guidance about the factors to beconsidered in assessing the "adequacy" of non-member states' privacyprotections. Consequently, this directive has caused considerable uncertaintyand debate; it was widely believed that EU companies could not export personaldata - such as human resources information or information gathered on customers- without violating EU data privacy laws. In an effort to provide some clarity, this past summer the EuropeanCommission adopted certain standard contractual clauses by which organizationscan transfer personal data. These clauses include: making those whose data is transferred third-party beneficiaries under the contract and allowing associations and "other bodies" to bring actions against the actual contracting parties for violations of the agreement that adversely affect persons whose data is transferred a warranty that the use of the personal data does not violate applicable EU laws and regulations a warranty that persons whose data is to be transmitted outside of the EU have been advised of that possibility a guarantee that the exporter of the data will, upon request, provide a copy of the standard clauses to person whose data is exported from the EU an undertaking that the data exporter will abide by certain "Mandatory Data Protection Principles" that must be attached to the agreement mandatory audit provisions applicable to the importer of data (who is located outside of the EU) admission of possible joint and several liability by the data exporter and data importer to the person whose data is transmitted outside of the EU for a number of potential breaches of the standard clauses mandatory indemnification for costs to enforce the agreement mandatory mediation and submission to jurisdiction in the courts of the EU Member State where the data exporter is located a reservation of rights by the person whose data is transferred, permitting that person to rely upon the substantive and procedural rights available under national and international laws that may apply to the agreement a provision requiring that the parties to the contract will deposit a copy of the standard clauses with an EU Supervisory Authority upon request...
European Union Adopts Standard Contract Clauses for Transfers of Personal Data
|Author:||Mr Paul Kilmer|
|Profession:||Holland & Knight LLP|
To continue readingREQUEST YOUR FREE TRIAL