The Article 29 Working Party (WP29) has issued a working document (WP 226) that establishes a co-operation procedure for issuing common opinions on contractual clauses, considered to be compliant with the European Commission's model clauses. Most contracts used by companies for international data transfers are either entirely based on the model clauses or are mostly based on them, with some divergences such as additional clauses. Sometimes companies use identical clauses in different member states to frame the same type (or similar) transfers starting from those member states, for example, corporate groups whose data systems are centralised outside of the European Economic Area (EEA) and their EU subsidiaries use the same set of contractual clauses.

At present, different national data protection authorities may have to analyse the same contract to assess its compliance with the model clauses and there is a risk that they may not reach the same conclusion. This new procedure will enable companies that use identical contractual clauses (based on the model clauses, with some divergences) in different member states, to frame transfers from different member states, obtain a coordinated position from the data protection authorities on the proposed contract and to decide if the contract is still in conformity with the model clauses. The Commission has issued two decisions regulating controller to controller transfers and one regulating controller to processor transfers (for copies see Practice note, Cross-border transfers of personal data: Standard contractual clauses).

This procedure should simplify and speed up the authorisation process and provide greater certainty for companies that transfer personal data outside of the EEA.

Source: Article 29 Working Party, Working document WP 226, 26 November 2014.