The European Union has released a new set of Standard Contractual Clauses (SCC) in order to further enhance data protection of EU citizens. SCC’s have been existing for more than a decade, however, thanks to the recent introduction of the GDPR rules, the release of a new set of SCC became important.
SCC’s serve as an annex for contracts and govern the handling of personal information. SCC’s are used when the personal information is transferred from a controller in the EU to a processor in a territory, where the level of protection of personal data is considered lower than the EU standards. To ensure the necessary level of protection, the SCC’s contain predefined conditions for the handling of the private information. When the SCC’s were first introduced, they were expected to enhance business transactions, as well as reducing the cost of the conclusion of transactions.
Another key element in the release of the new SCC was the fact that the CJEU has invalidated the EU-U.S. Privacy Shield in the Schrems II. case. In the given case a Facebook user, who was a citizen of a Member State took objection, as his personal data was transmitted from the Irish affiliate of Facebook to the American parent company. According to the opinion of the CJEU, it did not guarantee the necessary level of protection for the personal data that was transmitted from the EU to the U.S.
This new set of SCC’s were published on 4 June 2021 and take effect on 27 June 2021. The previous set of clauses can be used until 27 September 2021, while the existing systems that use the old SCC shall be updated only until 27 December 2022.