The Irish government has moved swiftly to plug a perceived gap in protection under Irish data protection law that had raised doubts about whether Irish law was fit for purpose as a governing law under EU approved standard contractual clauses (SCCs).
On 4 June 2021, the European Commission adopted new SCCs, which became effective on 27 June 2021. The parties are free to agree an EU member state governing law applicable to their SCCs. However, Clause 17 of the new SCCs, on its face, posed a problem for Ireland. It stated that: “These Clauses shall be governed by the law of one of the EU Member States, provided such law allows for third-party beneficiary rights. The Parties agree that this shall be the law of _______ ”
In other words, the parties are free to choose an EU member state law to govern their SCCs so long as that law allows for third party beneficiary rights. But, therein lay the problem for Irish law. As a rule, Irish contract law doesn’t allow for third party beneficiary rights because the privity of contract doctrine still prevails in Irish law with few exceptions. Controllers and processors in Ireland (and their Iegal advisers) were therefore justifiably concerned that they would not be able to choose Irish law to govern their data transfers under the new SCCs.
The Irish government has moved remarkably quickly to dispel the legal uncertainty. On 24 June 2021, the Minister for Justice adopted the European Union (Enforcement of Data Subjects’ Rights on Transfer of Personal Data Outside the European Union) Regulations 2021 (S.I. 297/2021).
These Regulations insert a new section – Section 117A – into the Data Protection Act 2018. The new section confers an express right on data subjects to enforce the SCCs provisions (or other contractual transfer mechanisms such as BCRs) against the parties to the contract. Controller and processors in Ireland can now breathe a sigh of relief: Irish law does provide third-party beneficiary rights for data subjects making Irish law eligible as a governing law for SCC transfers.