Insights & news

European Commission’s draft Standard Contractual Clauses Jointly Commented on by EDPB and EDPS

  • 27/01/2021
  • Articles

The European Data Protection Board (EDPB) and European Data Protection Supervisor (EDPS) commented on the European Commission’s draft standard contractual clauses (SCCs) for the transfer of data to third countries (the Transfer SCCs), and between data controllers and data processors (the Processor SCCs). 

The Transfer SCCs would replace the three current sets of transfer SCCs, which are the main safeguards used to transfer personal data to third countries outside the EU/EEA. By contrast, there are currently no EU-wide template SCCs for contracts between controllers and processors.

Overall, the EDPB and EDPS welcome both sets of SCCs. The Transfer SCCs present a reinforced level of protection for data subjects, while the Processor SCCs will help to ensure full harmonisation and legal certainty across the EU for contracts between controllers and their processors. Nevertheless, the EDPB and EDPS request the Commission to make some amendments and include further clarifications in the final text of the SCCs. 

Please click below for a short note on the joint opinions of the EDPB and EDPS.


Key contacts

Related practice areas

Related insights

Sign up for updates
    • 19/02/2021
    • Articles

    European Commission | Assessment of Member State Rules on Health Data in Light of GDPR

    On 12 February 2021, the European Commission’s DG Health and Food Safety published an assessment of the EU Member State rules governing health data in the light of the General Data Protection Regulation (EU) 2016/679 (GDPR). The study’s objective was to examine possible differences between Member States and identify elements that might affect the cross-border exchange of health data in the EU for the purposes of healthcare, research, innovation and policy-making. The European Commission concluded that the existing fragmented approach of national rules governing health data between Member States hampers cross-border co-operation in the provision of healthcare, the administration of healthcare systems and research carried out so as to further public health objectives. The study discusses the use of health data for primary purposes (patient care), for secondary use in public health and for scientific or historical purposes. For each of these uses, the study analyses the legal bases for processing the data under the GDPR and inquires whether local legislation provides for alternatives to the use of consent as a legal basis. In response to the challenges identified, the study suggests actions at EU level to support the European Health Data Space and ensure the best possible use of health data. Furthermore, the study shows that co-operation between the EU Member States is crucial as it should draw on the work of national data protection authorities that come together as the European Data Protection Board, as well as on the numerous national and EU level bodies. Please click on the link below for a short article on the Commission’s assessment.

    Read more
    • 12/02/2021
    • Newsletters

    VBB on Belgian Business Law, Volume 2021, No. 1

    The January 2021 issue of our Belgian Business Law newsletter reporting on the latest developments in a range of areas, including competition, data protection, intellectual property and labour law.

    Read more
    • 10/02/2021
    • News

    'Pink Boxes' for Parents-to-be Fined by Belgian DPA

    The Belgian Data Protection Authority imposed a fine of EUR 50,000 on the marketing company Family Service, which distributes “pink boxes” – well known by mothers and fathers-to-be in Belgium – for various breaches of the GDPR. Not only did the company rent out and/or sell the data of more than one million customers, including the data of children, for commercial purposes without informing its customers in a clear and comprehensible manner. The company also transferred these personal data to its business partner without obtaining a freely given, specific and informed consent. The Data Protection Authority considers the decision to be a warning to data brokers that rent or sell personal data under similar business models without proper compliance with the GDPR.

    Read more

Subscribe to our updates

Please select the practice areas you are interested in: *