European Commission Approves Contract Terms For Data Transfer

Profession:Hughes & Luce LLP

The European Commission last month approved a set of standard contract terms that non-European Community companies can use in private agreements to ensure that they are in compliance with the European Union's ("EU") data privacy legislation, which (subject to certain exceptions) prohibits the transmission of personal data outside the EU unless the laws of the country to which the data is sent "ensure an adequate level of protection." Under the EU's Directive on Data Protection, the United States does not provide the same level of statutory data protection, complicating transfers of personal data from the EU to the US and many other non-EU nations. The European Commission's issuance of standard contractual terms for use between parties transferring data outside the EU, however, offers a means to comply with the Data Protection Directive regardless of the receiving nation's data privacy laws. These standard contractual clauses impose obligations on both the transmitting party and the receiving party to process the data in accordance with the EU's basic data protection rules, and create third-party beneficiary rights that permit data subjects to enforce their statutory rights under the contract between the data-transferring parties.

The U.S. Treasury Department earlier this year objected to the EU's standard contractual clauses on the grounds that they placed unfair burdens on foreign companies. Specifically, the Treasury Department complained that the clauses could...

To continue reading