The purpose of the ASEAN Model Contractual Clauses is to provide a legal basis for the cross-border transfer of data. These contractual terms and conditions can be included in binding agreements between parties transferring personal data across borders. The MCCs help parties ensure that the transfer of personal data is done in a manner that complies with the legal and regulatory requirements of the ASEAN Member States, protects the data of Data Subjects, and promotes trust in the ASEAN digital ecosystem. The MCCs serve as templates that outline responsibilities, required personal data protection measures, and related obligations of the parties involved in the data transfer. They are designed to address key issues when transferring personal data across borders.
The ASEAN Model Contractual Clauses (MCCs) offer two distinct modules tailored for various data transfer scenarios:
🔹 Module 1: ASEAN MCCs for a Controller-to-Processor Transfer
- Ideal for cases where a data exporter sends personal data to a data importer functioning as a processor.
- The data importer handles the data on the exporter's behalf and may involve sub-processors.
- Common instances include HR/payroll management or logistics/fulfillment services.
🔹 Module 2: ASEAN MCCs for a Controller-to-Controller Transfer
- Employed when a data exporter transfers personal data to a data importer acting as a controller.
- Here, the data importer processes the data for its own objectives, retaining full data control post-transfer.
The ASEAN MCCs contract can be terminated under the following circumstances:
Termination by the Data Exporter: Compliance by the Data Importer with the contract would put it in breach of its obligations under the law. The Data Importer is in material breach of any obligations under the contract. There is a final decision from a competent court that there has been a breach of the contract by the Data Importer. The Data Importer ceases its operations voluntarily or involuntarily, announces its intent to cease operations, or transfers all or substantially all of its assets to a non-affiliated entity.
Termination by the Data Importer:Compliance by the Data Exporter with the contract would put it in breach of its obligations under the law. The Data Exporter is in material breach of any obligations under the contract. There is a final decision from a competent court that there has been a breach of the contract by the Data Exporter. The Data Exporter ceases its operations voluntarily or involuntarily, announces its intent to cease operations, or transfers all or substantially all of its assets to a non-affiliated entity.
Suspension of Transfer: If the data importer is in breach of its obligations under the contract or applicable AMS Law, the data exporter may temporarily suspend the transfer of personal data until the breach is resolved or the processing under the contract is terminated.
Commentaires