European Commission approves personal data safeguards.
The new clauses will be added to those already available under the commission's June 2001 decision. Use of standard contractual clauses offers organizations a straightforward means of complying with their obligation under the 1995 EU Data Protection Directive to ensure "adequate protection" for personal data transferred outside the EU.
A coalition of business associations led by the International Chamber of Commerce negotiated the new standard contractual clauses with the commission and the committee of EU data protection authorities over the last three years. Companies believe that some of the new clauses, such as those on litigation, allocation of responsibilities, and auditing requirements, are more business-friendly. Yet they provide for a similar level of data protection as those of 2001, and data protection authorities are given more powers to intervene and impose sanctions where necessary to prevent abuse.
Contractual clauses are not necessary to transfer data to Switzerland, Canada, Argentina, and the U.K. territories of Guernsey and the Isle of Man, whose governments are recognized by the commission as offering adequate data protection. They are also not needed for transfers to U.S. companies adhering to the "Safe Harbor" privacy principles issued by the U.S. Department of Commerce.
The commission is also working with data protection authorities on other possible alternatives, such as the use of codes of conduct instead of model contracts for the transfer of personal data to third countries. More information is available online at http://europa.eu.int/comm/ internal_market/privacy/modelcontracts_en.htm.
|Printer friendly Cite/link Email Feedback|
|Title Annotation:||News, Trends & Analysis|
|Publication:||Information Management Journal|
|Article Type:||Brief Article|
|Date:||Mar 1, 2005|
|Previous Article:||How is SOX affecting small businesses?|
|Next Article:||ID thief gets 14 years.|