Keep up to date with our blog articles, latest news and industry developments. See below for the latest posts or use the category listings to hone your search for stories of interest.
Model Clauses: EU puts forward proposals for ensuring lawfulness after Schrems
Commission aims to save Model Clauses.
At October’s Article 31 Committee meeting, the European Commission (Commission) presented two draft Commission Implementing Decisions (Draft Decisions). The Draft Decisions aim to “cure the illegality” of the existing adequacy decisions on standard contractual clauses (Model Clauses) and countries where the Commission has made a positive finding of adequacy.
The Draft Decisions propose to amend the two existing adequacy decisions that were held to be illegal following the European Court of Justice’s ruling in the Schrems case. Last year, in Schrems, the European Court of Justice invalidated Article 3 of the Safe Harbour adequacy decision as it considered Article 3 restricted national supervisory authorities’ powers to suspend and prohibit data flows to the US. The Draft Decisions aim to amend the existing adequacy decisions by removing provisions comparable with Article 3 and thereby ensuring that national supervisory authorities can exercise all the powers given to them under EU and national law.
The Draft Decisions are not yet publicly available and, whilst a number of Member States expressed favourable views, some Member States asked for more time to consider the new proposals. The Article 29 Working Party has also been asked to present its views on the Draft Decisions before the Article 31 Committee meets again in the near future.
Model Clauses, in particular, have long been a popular choice amongst organisations operating internationally; providing a practical and familiar set of rules under which Personal Data must be processed outside of the European Economic Area.
The new improved adequacy decisions, once amended, may help to provide certainty to those organisations relying on Model Clauses and give individuals the comfort of knowing they have recourse to their national data protection authorities, even if their Personal Data has been transferred outside of the European Economic Area.
This blog post was written by Amelia Day, Trainee Solicitor at White & Black.
Disclaimer: This article is produced for and on behalf of White & Black Limited, which is a limited liability company registered in England and Wales with registered number 06436665. It is authorised and regulated by the Solicitors Regulation Authority. The contents of this article should be viewed as opinion and general guidance, and should not be treated as legal advice.