June 13, 2021

Who let the SCCs out?

Finally, after many months, the European Commission has released the new set of Standard Contractual Clauses (“SCCs”). The SCCs, if you have not heard of them, are a legal tool for allowing international transfers of data to and from outside the “EEA+” (the European Economic Area and countries that have received an adequacy decision). This new set supersedes the previous ones (there were three bilateral sets of SCCs). The Commission has now opted for a smooth and open structure, with four sets of clauses: Controller to Controller, Controller to Processor, Processor to Processor and Processor to Controller. One can simply select the clauses appropriate to their business and adapt them to the situation (without editing the content, which is forbidden). Moreover, as the SCCs are now open, there is no need to create a new document for each business partner: partners can now be added to the main SCCs (specifically: Annex I, list of parties). The new SCCs integrate all the new obligations established by the European Court of Justice in the famous Schrems II case, such as the assessment of the importer's laws (clause 14). However, the new SCCs have also been criticised for being too burdensome, especially as concerns the security of data (e.g. clause 8), or for containing typos after months of development. Still, the SCCs are now available, and only time will tell whether the Commission has achieved its aim of fostering a culture of safe international transfers.