Insights & news

European Commission’s draft Standard Contractual Clauses Jointly Commented on by EDPB and EDPS

  • 27/01/2021
  • Articles

The European Data Protection Board (EDPB) and European Data Protection Supervisor (EDPS) commented on the European Commission’s draft standard contractual clauses (SCCs) for the transfer of data to third countries (the Transfer SCCs), and between data controllers and data processors (the Processor SCCs). 

The Transfer SCCs would replace the three current sets of transfer SCCs, which are the main safeguards used to transfer personal data to third countries outside the EU/EEA. By contrast, there are currently no EU-wide template SCCs for contracts between controllers and processors.

Overall, the EDPB and EDPS welcome both sets of SCCs. The Transfer SCCs present a reinforced level of protection for data subjects, while the Processor SCCs will help to ensure full harmonisation and legal certainty across the EU for contracts between controllers and their processors. Nevertheless, the EDPB and EDPS request the Commission to make some amendments and include further clarifications in the final text of the SCCs. 

Please click below for a short note on the joint opinions of the EDPB and EDPS.


Key contacts

Related practice areas

Related insights

Sign up for updates
    • 12/04/2021
    • Articles

    European Union and South Korea Conclude Adequacy Talks

    On 30 March 2021, the European Commission and the Republic of Korea successfully concluded their negotiations on adequacy. An “adequacy finding” will enable free and safe data flows from the European Union to South Korea. The conclusion of the negotiations allows the European Commission to adopt an “adequacy finding” under Article 45.3 of the GDPR, confirming that South Korea’s Personal Information Act (PIPA) provides a comparable level of protection of personal data to European data protection laws. Such an “adequacy finding” will cover both private and public sector data controllers established in South Korea. The negotiations on adequacy were initiated in the context of the Free Trade Agreement that was concluded between the European Union and Korea. Within the framework of these negotiations, South Korea has enacted a series of reforms to its data protection laws. For instance, South Korea committed to implementing additional safeguards to protect European citizens’ personal data (e.g., introducing the concept of “pseudonymised information”, as well as the “purpose limitation” principle) and streamlined South Korea’s data protection regulatory authorities to one authority, while previously data protection breaches and issues were handled by multiple agencies. These new rules will be binding on companies importing data from the European Union and enforceable by South Korea’s Personal Information Protection Commission (PIPC). The European Commission will now launch the procedure for the adoption of a formal adequacy decision. This involves obtaining an opinion from the European Data Protection Board and approval by a committee composed of representatives of the EU Member States. Once the formal decision has been adopted, personal data can flow freely from the EU Member States to South Korea without any further safeguards or authorisations such as binding corporate rules and contractual clauses.

    Read more
    • 25/03/2021
    • Articles

    Belgian DPA Prohibits Use of Unlawfully Obtained Personal Data in Arbitration Proceedings

    The Litigation Chamber of the Belgian Data Protection Authority prohibited a controller from passing on personal data obtained in breach of data protection rules to its legal counsel. The Litigation Chamber did not issue a fine, but the decision serves as a clear message that further processing of such unlawfully obtained personal data, even in the context of legal proceedings, is prohibited. Please click below for a Client Alert on this decision.

    Read more

Subscribe to our updates

Please select the practice areas you are interested in: *