It has been reported that European Commission will publish the final versions of new forms of Standard Contractual Clauses (“SCCs”) shortly (even potentially within the next few days). The Commission published draft versions of these SCCs and the implementing Commission Decisions in December 2020. These new SCCs are, arguably, the most significant development in European data protection law since the coming into force of the EU General Data Protection Regulation (“GDPR”) in May 2018, which was three years ago this month.  These new SCCs will replace prior versions of the SCCs, some of which date back to 2001 and pre-date the GDPR. We are closely monitoring developments in this area and will report on the new SCCs as soon as these are published. We expect the impact of these SCCs to be significant on organizations which are directly subject to the GDPR or which receive personal data from organizations that are subject to the GDPR.

As is well-known, SCCs are template data transfer agreements that allow data exporters in the European Economic Area (“EEA”) to transfer personal data to countries outside the EEA that the Commission treats as providing an “inadequate” level of data protection in accordance with the EU General Data Protection Regulation. (Countries in this category include Australia, Brazil, China, India and the United States.) The new SCCs comprise four different forms Controller-to-Controller, Controller-to-Processor, Processor-to-Controller, and Processor-to-Processor relative to only two forms in the current versions, namely Controller-to-Controller, Controller-to-Processor. Relative to the current SCCs, the new SCCs also impose substantially enhanced obligations on both data exporters and data importers to reflect both the coming into force of the GDPR in 2018 and the decision of the Court of Justice of the European Union in the Schrems II case in 2020.

Based on press reports, the final versions of the new SCCs may, at least in part, be substantially different from the draft versions published in December. For example, a longer period may potentially be offered to organizations to transition to the new SCCs from the existing SCCs. Many organizations also hope that the final versions of the new SCCs will help resolve certain tensions between the draft version from December and the European Data Protection Board’s guidance on Schrems II compliance (notably, whether organizations are allowed to adopt a risk-based approach to assessing data protection risks in the country of data import.)

Photo of Kelly McMullon Kelly McMullon

Kelly M. McMullon is special international labor, employment & data protection counsel in the Labor & Employment Law Department and member of the Firm’s International Labor & Employment, Privacy & Cybersecurity and Sports Groups. Kelly has been recommended in Legal 500 UK for…

Kelly M. McMullon is special international labor, employment & data protection counsel in the Labor & Employment Law Department and member of the Firm’s International Labor & Employment, Privacy & Cybersecurity and Sports Groups. Kelly has been recommended in Legal 500 UK for her “responsiveness and practicality.”

Kelly assists clients in a variety of sectors including financial services, asset management, life sciences, fintech, consultancy, retail, sports, leisure and manufacturing in a wide range of contentious and non-contentious matters.

In her employment practice, she provides general day-to-day counselling and advice on all employment-related issues, including hires, terminations, grievances and redundancies, as well as the employment aspects of transactions.

In her data protection practice, Kelly provides strategic advice as well as practical support and guidance on all aspects of data protection compliance, including international transfers of personal data, data breaches, direct marketing and employee data protection concerns. She also provides advice on the data protection aspects of transactions.

Kelly also has experience working with businesses on CSR and ESG initiatives, human rights and modern slavery issues.

Kelly is a contributor to Proskauer’s International Labor and Employment Law and Proskauer on Privacy blogs and is the Editor for Proskauer on Privacy’s “International Data Privacy” chapter. She regularly provides training and speaks on employment and data protection issues.

Her pro bono experience includes counselling not-for-profit organizations on data privacy and employment-related issues.

Photo of Ryan Blaney Ryan Blaney

Ryan Blaney represents health care, life science, and technology clients in a range of regulatory, enforcement, internal investigative and transactional matters, with particular expertise in privacy law, life sciences and digital health. He also has expertise in regulatory compliance, counseling clients on a…

Ryan Blaney represents health care, life science, and technology clients in a range of regulatory, enforcement, internal investigative and transactional matters, with particular expertise in privacy law, life sciences and digital health. He also has expertise in regulatory compliance, counseling clients on a range of matters, including health care fraud and abuse, third party reimbursement, data breach issues, data privacy and security, and FDA regulatory matters. He has substantial experience in pharmaceutical lifecycle management and competition issues, including the Hatch- Waxman Act and Biosimilars Price Competition and Innovations Act.

Ryan serves information technology companies, public and private health care companies, hospitals and physician organizations, manufacturers, medical device companies, and health plans. He guides venture capital groups, private equity funds, investment banks, and other investors on health care regulatory issues in connection with financing, mergers and acquisitions, and restructuring.

Ryan’s work is greatly informed by his experience as a teacher. Prior to attending law school, Ryan earned a master’s degree in education and taught at an under-resourced Catholic middle school. He is known for his ability to communicate clearly and to coordinate large teams working on complex matters. Outside of his health law practice, Ryan has been repeatedly recognized for his public service and pro bono work. He has successfully handled numerous education-related cases, helped establish three nonprofit organizations and defended qualified recipients of disability benefits.