Close
Login to MyACC
ACC Members


Not a Member?

The Association of Corporate Counsel (ACC) is the world's largest organization serving the professional and business interests of attorneys who practice in the legal departments of corporations, associations, nonprofits and other private-sector organizations around the globe.

Join ACC

This Wisdom of the Crowd (ACC member discussion) how European Union (EU) Standard Contractual Clauses work when neither the exporter or importer are not located or organized in an EU country. This resource was compiled from questions and responses posted on the forum of the IT, Privacy & eCommerce Law ACC Network.*

*(Permission was received from ACC members quoted below prior to publishing their forum Comments in this Wisdom of the Crowd Resource)

Question

We have a client that is insisting on using the EU Standard Contractual Clauses for data protection purposes, but the data exporter and importer both are not located or organized in an EU country, and the client will not agree to any governing law in the EU. I am at a loss to understand how this client expects the Standard Contractual Clauses to work in this instance. Can someone please help me understand?

Response #1: Is your client processing any personal data (PD) from Europe? If so, those Data Transfer Agreements (DTA) are pretty inflexible. If it does not want to apply local European law then I'm sure any Data Protection Act (DPA) will not like to see that. It won't do them much good.1

On the other hand though, if they are not processing PD from Europe, then why the contracts?

Response #2: My best guess is that the client wants data protection language, but is treating the Standard Contractual Clauses as a general template and not one that is tied inextricably with European Union (EU) law. I'm glad I'm not the only one perplexed at the insistence on using the language almost entirely wholesale.2

Response #3: I always had a general one as a template and then modified it by area (EU, Canada, Australia, etc.)3

Response #4: The client's affiliates may be located within the EU making them data exporters under the EU Directive and triggering the need for Standard Contractual Clauses (SCC) or Binding Corporate Rules (BCR) or some other mechanism to legitimately transfer personal data to you as the data importer. I have also had clients request extension of the SCC to non-EU affiliates and we make a determination about whether to do so on a case by case basis but feel that doing so is not in the best interests of our organization due to the increased exposure that being subject to the jurisdiction of the data exporter creates.4

Your client may also be thinking about utilizing the SCC for non-EU jurisdictions where the SCC has been explicitly approved (Switzerland and Israel come to mind). Again, we generally decline in favor of terms contained within our Master Service Agreement (MSA).

Regardless, we request that the client provide a schedule listing the entities benefiting from the SCC so as to have a clear picture of our exposure

1Anonymous (Apr. 9, 2016)

2Anonymous (Apr. 10, 2016)

3Darryl Weiss, Attorney (Apr. 10, 2016)

4Anonymous (Apr. 11, 2016)

Region: European Union, United States
The information in any resource collected in this virtual library should not be construed as legal advice or legal opinion on specific facts and should not be considered representative of the views of its authors, its sponsors, and/or ACC. These resources are not intended as a definitive statement on the subject addressed. Rather, they are intended to serve as a tool providing practical advice and references for the busy in-house practitioner and other readers.

You may also be interested in

ACC
ACC Global Headquarters
1001 G Street NW
Suite 300W
Washington, D.C. 20001 USA

Contact Directory

Explore ACC
Privacy & Other Policies © 1998-2024, Association of Corporate Counsel. All Rights Reserved.