The European Commission may decide that the standard contractual clauses offer sufficient data protection guarantees so that data can be transferred internationally. 220.127.116.11 the transmission of personal data of the company of a subcontractor to a subcontractor or between two entities of a subcontractor, if such transfer was prohibited by data protection legislation (or by the terms of data transfer agreements concluded to address the data protection limitations of data protection legislation); Clauses should not be modified by the EC text, although the parties may include additional commercial clauses. 11.1 The processor may not transfer or authorise the transfer of data to countries outside the EU and/or the European Economic Area (EEA) without the prior written consent of the company. Where personal data processed under this Agreement are transmitted by a country of the European Economic Area to a country outside the European Economic Area, the Parties shall ensure that the personal data are duly protected. To do this, the parties rely, unless otherwise agreed, on standard contractual clauses for the transfer of personal data approved by the EU. The use of the clauses depends on all the needs of the parties involved. Some clauses are used more often than others. Boilerplate clauses can be displayed in a contract. You can also create a specific clause that applies to all parties involved. Microsoft continuously evaluates EU standards and updates its services as necessary. The use of the clauses of Article 28 approved by the European Commission is not mandatory and companies can continue to use tailor-made data processing agreements between controllers and subcontractors to meet the requirements of Article 28 of the GDPR. Standard Contractual Clauses (SBS) are standard sets of contractual terms that the sender and recipient of personal data sign to protect personal data leaving the European Economic Area (EEA) through contractual obligations in accordance with the requirements of the GDPR in areas considered not to offer adequate protection of the rights and freedoms of data subjects. CPCs are particularly important in the field of data protection, contributing to a harmonised approach to cross-border processing or processing affecting the free movement of personal data or of natural persons within the EEA itself, allowing for the uniform implementation of the specific provisions of the GDPR.
European Union (EU) data protection legislation governs the transfer of personal data of EU customers to countries outside the European Economic Area (EEA), which includes all EU countries, as well as Iceland, Liechtenstein and Norway. EU Model Clauses are standard contractual clauses used in agreements between service providers (such as Microsoft) and their customers to ensure that all personal data leaving the EEA is transferred in accordance with EU data protection law and meets the requirements of Directive 95/46/EC on data protection. This Directive lays down the basis for the processing of personal data in the EU. It is the legal framework within which Microsoft transmits personal data from the EU. As part of this policy and our contractual agreements, Microsoft is the processor of customer data. Customer is the data controller with ultimate ownership and responsibility for ensuring that the data can be lawfully made available to Microsoft for processing outside the EEA. Not quite. While the ruling states that standard contractual clauses are valid as an instrument, the transfer of data may not depend on the country receiving that data, said Emerald de Leeuw, an independent data protection specialist. .