- According to Article 26 (4) of Directive 95/46/EC, the Commission may decide that certain standard contractual clauses provide sufficient safeguards.
- The protection of privacy, fundamental rights and freedoms and the exercise of corresponding data subject rights are considered sufficient guarantees.
- The Commission has so far issued two sets of clauses for data transfers by controllers and one for transfers to processors outside the EU/EEA.
The Council and the European Parliament have given the Commission the power to decide, on the basis of Article 26 (4) of directive 95/46/EC that certain standard contractual clauses offer sufficient safeguards as required by Article 26 (2), that is, they provide adequate safeguards with respect to the protection of the privacy and fundamental rights and freedoms of individuals and as regards the exercise of the corresponding rights.The Commission has so far issued two sets of standard contractual clauses for transfers from data controllers to data controllers established outside the EU/EEA and one set for the transfer to processors established outside the EU/EEA.
Source: Model Contracts for the transfer of personal data to third countries – European Commission