New Standard Clauses For Data Transfers To Data Controllers In Non-EU Countries

Client Alert | 1 min read | 01.24.05

The Data Protection Directive permits the transfer of personal data outside of the EU in certain circumstances, including where a data exporter (based in the EU) and a data importer (based elsewhere) enter into a written agreement guaranteeing that the data importer will adequately protect all personal data received from the data exporter.

In 2001 the European Commission approved standard contract clauses for use in such a situation. However, the clauses were widely regarded as being too onerous on data exporters. In response to a demand from businesses, the European Commission adopted new alternative standard contract clauses in December 2004 for use in contracts between data controllers.

The key differences between the 2001 and 2004 standard contract clauses relate to the liability of the data exporter for the activities of the data importer: The new standard clauses now impose liability for damage suffered by a data subject directly on the data importer, and the data exporter is now only liable where it has failed to use reasonable efforts to determine that the data importer is able to satisfy its legal obligations under the standard contract clauses.

Contacts

Kris D. Meade
Partner
He/Him/His
- Washington, D.C.
  - D | +1.202.624.2854
a21lYWRlQGNyb3dlbGwuY29t
Thomas De Meese
Partner
- Brussels
  - D | +32.2.282.1842
dGRlbWVlc2VAY3Jvd2VsbC5jb20=

Insights

Client Alert | 4 min read | 06.25.26

Twin Executive Orders Seek to Spur Quantum Leap in Technology and Cybersecurity

On June 22, 2026, President Trump signed two executive orders, “Securing the Nation Against Advanced Cryptographic Attacks” (Quantum Security EO) and “Ushering in the Next Frontier of Quantum Innovation” (Quantum Innovation EO), marking the most significant federal action on quantum technology since the Quantum Computing Cybersecurity Preparedness Act of 2022, which directed agencies to harden their information systems against quantum-enabled hacking. The orders seek to speed the development of quantum computers, which are advanced processors that can calculate multiple possibilities simultaneously and thus solve problems exponentially faster than traditional computers. At the same time, the orders look to protect against the danger that quantum technology can “break” traditional encryption by easily decoding it. Of particular note for government contractors, the Quantum Security EO directs agencies to update federal acquisition regulations to require contractors by 2031 to adopt information processing standards that resist quantum-enabled codebreaking....

Client Alert | 7 min read | 06.24.26
DOJ’s National Security Division Announces First Declination Under New Corporate Enforcement Policy With Parallel BIS Settlement
Client Alert | 3 min read | 06.24.26
OhioHealth Settlement and White House Report Signal Broader Federal Focus on Restrictive Hospital Contracting
Client Alert | 4 min read | 06.23.26
EPA Hands Over AI Data Center Regulation to States and Communities to Develop Best Practices

View All Insights