The European Commission Standard Contractual Clauses (SCCs) for cloud computing services have been updated. This comes as a response to the Schrems II ruling by the European Court of Justice, which declared the previous version invalid due to privacy concerns.
The SCCs are a set of templates that companies can use to ensure their cloud computing providers comply with the General Data Protection Regulation (GDPR). GDPR is a set of EU regulations that protect individuals` data privacy rights.
The updated clauses provide more guidance on how companies should assess the risks of using cloud computing providers. The updated SCCs also include new provisions aimed at improving data protection. For instance, cloud providers must inform their customers about any data breaches.
Moreover, the new SCCs require both parties involved in the cloud service contract to identify any local laws that could impact data privacy. This provision is aimed at addressing concerns about data transfers outside of the EU, where data privacy regulations may not be as stringent as they are within the EU.
The European Commission has also provided guidance on how companies can adapt their existing cloud service contracts to comply with the new SCCs. Companies have until December 2022 to transition to the updated SCCs.
In conclusion, the European Commission`s updated SCCs for cloud computing services provide important guidance on GDPR compliance, particularly given the increased focus on data privacy following the Schrems II ruling. Companies using cloud computing services should ensure their service providers comply with these updated clauses to avoid data breaches and adhere to EU privacy laws.