Today the European Commission released the formal communication no. 566 on the transfer of personal data to United States of America, this is consequent to the annulment of the Commission Decision 2000/520/EC (also called Safe Harbor Agreement).
In this document the Commission analyses a framework of possible alternative solutions to the invalid decision for SMEs and big enterprises that have concerns to transfer personal data to US. The main legal intruments are the following:
– contractual clauses (SSCs), two main types of standard clauses can be employed, in respect of the horizontal relationships will be employed those ones relating to data controller to data controller, meanwhile with regard to vertical relationships will be employed those ones relating to data controller to data processor;
– Binding Corporate Rules (BCRs), this is employed in intra-group data transfers to US;
– Derogations under the article 26, paragraph 1 of the 95/46/EC Directive, which include amongst the others consent, performance of contract and implementation of pre-contractual measures; in general terms, all these derogations must be interpreted in a narrow sense, this means that a derogation should not for instance be employed in case of repeated or mass data transfers to US.
Thanks Fabio; this is an hot topic for everybody and for US based Cloud Providers !