After years of negotiations, on February 5, 2010, the European Commission (EC) updated its Standard Contractual Clauses (SCCs), which set forth contract terms that govern the protection of personal data transferred from data exporters within the European Union (EU) to data processors outside the EU. On June 8, 2009, we wrote that the EC was considering implementing new SCCs. On May 15, 2010, the new SCCs, promulgated under 2010/87/EU, will go into effect, replacing the old SCCs, promulgated under 2002/16/EC.
Under Directive 95/46/EC, personal data may only be transferred by EC Member States to a third country if that country ensures an adequate level of data protection. EC Member States may circumvent this relatively high standard by incorporating SCCs covering data protection into their agreements with personal data processors in countries that lack adequate data protections. The SCCs are intended to ensure that personal data is appropriately safe guarded when transferred to a data processor in a third country that does not otherwise provide an adequate level of data protection.