New Standard Clauses For Data Transfers To Data Controllers In Non-EU Countries

Client Alert | 1 min read | 01.24.05

The Data Protection Directive permits the transfer of personal data outside of the EU in certain circumstances, including where a data exporter (based in the EU) and a data importer (based elsewhere) enter into a written agreement guaranteeing that the data importer will adequately protect all personal data received from the data exporter.

In 2001 the European Commission approved standard contract clauses for use in such a situation. However, the clauses were widely regarded as being too onerous on data exporters. In response to a demand from businesses, the European Commission adopted new alternative standard contract clauses in December 2004 for use in contracts between data controllers.

The key differences between the 2001 and 2004 standard contract clauses relate to the liability of the data exporter for the activities of the data importer: The new standard clauses now impose liability for damage suffered by a data subject directly on the data importer, and the data exporter is now only liable where it has failed to use reasonable efforts to determine that the data importer is able to satisfy its legal obligations under the standard contract clauses.

Contacts

Kris D. Meade
Partner
He/Him/His
- Washington, D.C.
  - D | +1.202.624.2854
a21lYWRlQGNyb3dlbGwuY29t
Thomas De Meese
Partner
- Brussels
  - D | +32.2.282.1842
dGRlbWVlc2VAY3Jvd2VsbC5jb20=

Insights

Client Alert | 14 min read | 03.13.26

AI for Government: 7 Days for Contractor Comments on GSA Proposed Contract Clause for AI Systems

On March 6, 2026, the General Services Administration (GSA) issued a significant proposed contract clause, GSAR 552.239-7001, Basic Safeguarding of Artificial Intelligence Systems (“Clause”), for inclusion in GSA Schedule solicitations and contracts for AI capabilities. The proposed clause would impose substantial new requirements related to AI sources, intellectual property rights, data use, change management, and performance standards. The Clause would also take precedence over any other contract terms (including commercial licensing terms) related to AI, including a Seller’s terms of sale and service to which the Government had previously agreed. GSA requests comments by March 20, 2026....

Client Alert | 3 min read | 03.12.26
DOJ Releases First-Ever Department-Wide Corporate Enforcement and Voluntary Self-Disclosure Policy
Client Alert | 03.12.26
EPA and CBP Intensify Import Enforcement on Pesticides, Toxic Chemicals, and Polluting Products: EPA Reports Unprecedented Enforcement Results—Key Insights for Importers, Distributors, and Retailers
Client Alert | 3 min read | 03.12.26
The EU Pharma Package: Formal Adoption in Sight

View All Insights