Europe's data protection regime erected barriers to the export
of personal data from the European Economic Area – making it
unlawful for, say, a company in France to e-mail a database of
customer details to its US office – unless there is "adequate
protection" for the personal data transferred.
Use of standard contractual clauses offers companies and other
organisations one way to achieve this adequate protection; but the
only Commission-approved terms available to date have been
unpopular. That changes with effect from 1st April 2005.
The Commission's contract terms – published in 2001 – have faced
criticism "because they are neither user-friendly nor commercially
sensible," according to Shelagh Gaskill, a partner with Pinsent
Masons, the law firm behind OUT-LAW.COM. "The good news for
businesses," she said, "is that there is now an alternative."
A new set of standard contractual clauses for data transfers was
proposed by seven international business associations: the American
Chamber of Commerce to the European Union in Brussels (AmCham EU);
the Confederation of British Industry (CBI); the European
Information and Communications Technology Association (EICTA); the
Federation of European Direct and Interactive Marketing (FEDMA);
the International Chamber of Commerce (ICC); the; International
Communication Round Table (ICRT); and the Japan Business Council in
Europe (JBCE).
Approval of the new clauses came after four years of
negotiation. According to the business groups, it marks the first
time the Commission has officially approved a mechanism for data
transfers proposed by the private sector.
Christopher Kuner, Chairman of ICC's Task Force on Privacy and
the Protection of Personal Data, who led the negotiations with the
EU, said: "Our clauses offer the same level of data protection as
the Commission's clauses, but use more flexible mechanisms that are
more in line with business realities."
He said the new clauses do not require the data exporter and
data importer to be liable for each other's misuse of the data, as
the Commission's previous clauses had done, and contain auditing
provisions that are more flexible and realistic.
Pascale Gelly, representing AmCham EU, added that "these clauses
are beneficial to individuals as more data transfers will be
operated under an adequate level of protection."
Single Market Commissioner Charlie McCreevy said "This is a good
example of regulating in cooperation with business. The business
community has shown a serious commitment towards data protection
and the Commission has carefully listened to business needs. That
is good for EU citizens, whose privacy is better protected, and for
our companies, whose competitiveness is reinforced."
Shelagh Gaskill concluded: "The terms are much more sensible
than the originals and much more user-friendly for large commercial
organisations."
