| New standard contractual clauses for transfer of data outside the EU |
 |
 |
 |
| Written by Mícheál O'Dowd |
| Tuesday, 16 February 2010 12:12 |
|
On the 5th February 2010 the European Commission adopted new decision updating the standard clauses which govern the transfer of personal data outside the EU. The decision was published in the Official Journal of the EU L39 on the 12th February 2010 and updates the clauses which have previously been approved by Decision 2002/16/EC. The new standard clauses provide a useful tool to companies who wish to remain compliant with Data Protection Legislation, particularly those utilising Software as a Service (SaaS) providers or Cloud computing services outside the EU. While companies are not obliged to adopt these standard clauses, the office of the Data Protection Commissioner is obliged to recognise that any personal information transferred and processed pursuant to the standard conditions complies with the Data Protection Act. The Commission decision comes at the same time as a report from the Department of Finance warning public bodies not to purchase cloud computing products without first obtaining legal advice on confidentiality, data protection and security issues. While the advice of the Department can be considered prudent, it is clear that data protection issues will not unduly affect the adoption of cloud computing once appropriate precautions have been taken. |
