Saturday, 4 May 2024

Home - Community , Privacy Education & Tips , World - European Union’s Standard Contractual Clauses (SCC)

European Union’s Standard Contractual Clauses (SCC)

On 21 March 2022, the United Kingdom finalized the adoption of its own version of the European Union’s Standard Contractual Clauses (SCC), a contractual mechanism aiming at securing personal data protected under a data protection framework to third countries not deemed to offer an “adequate” level of data protection.

An updated document for transfers initiated under the UK General Data Protection Regulation (GDPR) was needed following the Schrems II decision, which occurred while the United Kingdom was still an EU member state and which the European Union fixed by adopting new versions of the SCC in June 2021 but only after the United Kingdom had finalized Brexit.

The United Kingdom’s draft International Data Transfer Agreement (IDTA) and Addendum were laid before Parliament on 22 February 2022 and finally adopted on 21 March 2022 without changes. The IDTA is an equivalent contract to the SCC but uses a tabular approach in place of the modules used by the SCC. The alternative instrument that was introduced, the Addendum, provides UK data exporters with a semi-seamless mechanism where they can leverage their existing SCC for transfers initiated under the EU GDPR.

Transfer From The European Union To The United States: En Route For Schrems Iii?

On 25 March 2022, European Commission President Ursula von der Leyen and United States President Joe Biden announced an “agreement in principle” on a new EU-U.S. data sharing system, expected to replace the Privacy Shield framework invalidated under the Court of Justice of the European Union’s (CJEU) Schrems II decision in 2020 (see our alert here).

As no draft of that “agreement” has been circulated, the existing grievances against U.S. intelligence agencies’ access to personal data protected under GDPR remain and concerns relating to ‘effective legal remedies available to individuals protected under GDPR will need to be addressed. 

While such a political statement is encouraging for the future of international data transfers, this announcement should not be construed as relieving companies subject to GDPR’s territorial scope (see our alert here) from implementing adequate data transfer mechanisms until more concrete elements are adopted.

Direct Publication Source: https://www.natlawreview.com/article/international-personal-data-transfers-eventful-week

Comments

You May Like These Too

Sandy Neulane - 22 Aug 2022

Medical App Companies Funnel Patient Data For Advertising

Digital health companies, as reported by Forbes, are funneling sensitive data that patients have shared with them to Facebook to […]

Data Protection App data health tracking

Chase Hador - 25 May 2022

13 News Now: No, health data from most period-tracking apps is not protected under HIPAA

May 19, 2022 From EPIC privacy news and 13 News Now: Alan Butler, the executive director and president of the […]

Children's Privacy Children's Privacy Focus

Sandy Neulane - 22 May 2022

President Biden Urges for Stronger Privacy Protections for Children

On March 1, 2022, President Biden, in his first State of the Union address, called on Congress to strengthen privacy […]

Categories

Get Latest Updates