Cross-Border

A voluntary, accountability-based framework enabling cross-border data transfers among APEC member economies. Companies certify compliance through a government-approved accountability agent rather than through regulation. Relevant for businesses transferring personal data across the Asia-Pacific region.

Pre-approved contractual terms adopted by the European Commission for transferring personal data from the EU to countries without an adequacy decision. They are the most widely used mechanism for lawful cross-border data transfers from the EU. Any company receiving personal data from the EU without an adequacy finding must implement the appropriate SCC module.

The current mechanism allowing certified US companies to receive personal data from the EU without additional safeguards like Standard Contractual Clauses. US companies self-certify through the Department of Commerce. It replaces the invalidated Privacy Shield, and its long-term durability remains uncertain.

The UK's mechanism for lawful personal data transfers to countries without a UK adequacy decision, replacing the EU SCCs for UK data flows after Brexit. They are required whenever UK personal data is transferred to a non-adequate country. Any company receiving UK personal data must implement the appropriate transfer agreement.