Standard contractual clauses

The European Commission has the power to decide that certain standard contractual clauses offer sufficient safeguards as required by Article 26(2) of the EU Directive on the Protection of Personal Data, that is, they provide adequate safeguards with respect to the protection of the privacy and fundamental rights and freedoms of individuals and as regards the exercise of the corresponding rights. The effect of such a decision is that by incorporating the standard contractual clauses into a contract, personal data can flow from a data controller established in any of the 27 EU Member States and three EEA member countries (Iceland, Liechtenstein and Norway) to a data controller established in a country not ensuring an adequate level of data protection. Except in very specific circumstances, national data protection authorities cannot block such transfer.