A press release
last week from the European Commission, descriptively entitled "Decision updating the standard contractual clauses for the transfer of personal data to processors established in non-EU countries", announces last Friday's adoption by the Commission of its Decision, which addresses transfers to jurisdictions that are not recognised as offering an adequate level of data protection. The clauses in question are known as "controller to processor" clauses. According to the press release,
The "controller to processor" standard contractual clauses were approved by Commission Decision 2002/16/EC in order to provide companies with a tool which help them to comply with the obligation to ensure "adequate protection" for personal data when they transfer personal data to processors outside the EU/EEA.
Directive 95/46/EC lays down the legal framework for the processing of personal data in the European Union. With regard to international transfers of personal data to non EU/EEA countries, … Continue Reading ››