A European Commission press release states that it has approved a new set of standard contractual clauses which businesses can use to ensure adequate safeguards when personal data is transferred from the EU to non-EU countries. The new clauses, submitted by a business coalition, will be added to those already available under the Commission’s June 2001 decision. Use of standard contractual clauses offers companies and other organisations a straightforward means of complying with their obligation, under the Data Protection Directive, to ensure "adequate protection" for personal data transferred outside the EU. Single Market Commissioner Charlie McCreevy said:
"This is a good example of regulating in cooperation with business. The business community has shown a serious commitment towards data protection and the Commission has carefully listened to business needs. That is good for EU citizens, whose privacy is better protected, and for our companies, whose competitiveness is reinforced”.A big coalition of business associations led by the International Chamber of Commerce negotiated these new standard contractual clauses with the Commission and the committee of EU data protection authorities (the “Article 29 Working Party”) over the last three years. The implementation of this new set of clauses, which are believed to be more user-friendly, will be reviewed in 2008.
Contractual clauses are not necessary to transfer data to Switzerland, Canada, Argentina and the UK territories of Guernsey and the Isle of Man, whose own regimes are recognised by the Commission as offering adequate data protection. Neither are they needed for transfers to US companies adhering to the 'Safe Harbor' Privacy Principles issued by the US Department of Commerce.
Data protection: a priority for the European Commission
Information that's not so well protected here and here