“A good example of regulating in cooperation with business.”

While business use of offshore outsourcing has soared in recent years, the data protection issues surrounding the transfer of customer data to countries such as India and the Philippines have been left largely unresolved.

As a general principle, companies transferring personal data outside of the European Union are obliged to ensure that the receiver abides by EU data protection laws.

Until it introduced a set of new guidelines in December, the European Commission (EC) expected businesses to use a set of standard contract clauses. But these were heavily criticised for being overly complex, and they also included clauses, such as those relating to liability, which were distinctly off-putting to many businesses. The new set of clauses, originally developed by business group the International Chambers of Commerce, simplifies the process greatly while still ensuring privacy is protected.

“This is a good example of regulating in cooperation with business. The business community has shown a serious commitment towards data protection and the Commission has carefully listened to business needs. That is good for EU citizens, whose privacy is better protected, and for our companies, whose competitiveness is reinforced,” says Commissioner Charlie McCreevy.

The new clauses allow businesses to ensure that any data transfer done with partners meets the full requirements of the EC data protection legislation.



Shelagh Gaskill, partner at law firm Pinsent Masons, says the revised contract terms will provide much needed reassurance to businesses, as well as having the benefit of making data protection compliance more straightforward.

The new contract clauses were clearly drafted by people used to working on commercial contracts. They look a lot more business-friendly. That is likely to mean that they are well received. The previous ones were not well drafted, and contained commercial terms that organisations did not like.

British firms are in an unusual position within Europe, as they are not obliged to use these standard clauses as the basis of contracts. But the big advantage of the new model clauses is that they provide a guarantee of adequacy [ie they meet European requirements for data protection]; they are completely safe. That means that businesses can save themselves a great deal of time and effort by not having to write their own terms.

Jim Norton, senior policy advisor on e-business at the Institute of Directors, says the process for involving industry in developing European legislation is of more significance than the changes to data protection legislation.

On the whole, we should welcome the approach of getting business involved at an early stage when shaping European legislation. Hopefully it is something we will be seeing more of in the future.

And the changes represent a necessary piece of professionalism, to ensure that the principles that underpin data protection are applied. But the anecdotal evidence is that businesses were not even aware of the restrictions that applied to transporting data, let alone that any changes have been made.

If the regulators are serious about this, it would need an intensive promotion campaign. What is more likely is that the requirements will seep through, as businesses take advice from their lawyers.




Ben Rossi
