EC Revamped Data Transfer SCCs Get Some Tech Backing
New provisions for data transfers will give businesses more legal certainty, the European Commission said Friday. It published its long-awaited revamped standard contractual clauses, which drew some U.S. tech industry support. One SCC set is for use between data controllers and processors, a second is for personal data transfers to third countries. They take into account new requirements under general data protection regulation and the European Court of Justice ruling in Schrems II, which annulled Privacy Shield, the EC said. Key changes update protections to align with GDPR, cover a wide range of transfer scenarios instead of necessitating use of separate sets of clauses, and list practical actions companies must take to comply with the ECJ judgment. Companies using former versions of SCCs have 18 months to switch. "Unlike its predecessor, the new SCCs can be used by a wider range of companies in different data transfer scenarios," said the Computer & Communications Industry Association. CCIA Public Policy Senior Manager Alexandre Roure urged the EU to quickly "conclude its data transfer negotiations with its main trading partners." Like CCIA, the Information Technology Industry Council urged EU leaders to stay focused on a new Privacy Shield agreement. The two most important changes are new flexibility that enables businesses to enter into the same SCCs covering new kinds of transfers, and new obligations to assess transfer risks case by case, emailed Linklaters data protection attorney Tanguy Van Overstraeten.