EU (Finally) Releases Standard Contract Clauses Q&A

May 30, 2022
<
Back
The European Commission has released a set of Q&amp;As on the revised Standard Contract Clauses (SCCs) for international data transfers, originally released in June 2021.

The European Commission has released a set of Q&As on the revised Standard Contract Clauses (SCCs) for international data transfers, originally released in June 2021.

The SCCs were first developed in the summer of last year.

They act as a mechanism to provide legal safeguards for companies when they initiate international data transfers, an area that has become increasingly scrutinised in light of the 2020 Schrems II case.

These Q&As are based on feedback received from various stakeholders on their experience of using the new SCCs in the first year since its adoption.

They have been devised by the commission to act as a practical guide on the use of SCCs to assist companies with their data compliance efforts and their data transfer obligations under the General Data Protection Regulation (GDPR), which turned four this week.

Some of the issues that the Q&As tackle may appear obvious to onlookers, but show how complicated the GDPR can be to comply with. For example, one Q&A clarifies that stakeholders that are using the SCCs are able to delete sections that are not applicable to their transfer scenario.

Moreover, the commission has said that counterparties may supplement the SCCs with additional clauses or incorporate them into a broader commercial contract, as long as the other contractual provisions do not contradict the SCCs, either directly or indirectly, or prejudice the rights of data subjects.

Among the issues that the commission has sought to address is whether the SCCs can be used for transfers to data importers who are already in scope of the GDPR, but that transfer data out of the EU.

The commission has said that the SCCs cannot be used for this, but that they are in the process of developing specific guidance on this issue.

Stakeholders have also been told that they are unable to use liability exemptions in regards to the SCCs.

“The parties may not include a general exculpation from liability,” according to the Q&As.

The commission has said that it would likely prejudice the rights and freedoms of individuals, such as by reducing the incentive for parties to ensure compliance with the SCCs.

The Q&As are just one cog in a huge slew of post-GDPR guidance and scrutiny, which while making the EU a global leader for data protection regulation has also left merchants, payments firms and others increasingly vulnerable to fines and investigations for making mistakes in their compliance processes.

Our premium content is available to users of our services.

To view articles, please Log-in to your account, or sign up today for full access:

To read more articles like this, along with gaining access to the tools that will help you navigate compliance risk with confidence, request a demo of our RegTech platform today.

Related articles

July 26, 2024

Daily Dash: Four UK Banks Breached Competition Rules, Says Regulator

The UK’s Competition and Markets Authority has sanctioned four UK banks for misleading customers, while the US Consumer Financial Protection Bureau has warned against corporate intimidation of whistleblowers.
Read article
July 26, 2024

Payment Service Providers Operating In Lithuania Need To Improve User Experiences

The Bank of Lithuania has told the country's payment service providers to continue enhancing the user experience they provide.
Read article

Opt in to hear about webinars, events, industry and product news

Gambling Compliance

Learn more

Payments Compliance

Learn more
Still can’t find what you’re looking for? Get in touch to speak to a member of our team, and we’ll do our best to answer.
Contact us
No items found.
No items found.
European Union

Please choose your preferred
service to log in to.

GamblingCompliance
PaymentsCompliance
Don’t have an account?