The new standard contractual clauses (“SCCs“) issued by the European Commission (see our prior blog post here) continue to prove controversial.  Among other things, the SCCs require that the law of the European Union (“EU“) Member State underpinning them provides third-party beneficiary rights.  Most EU Member States are civil law jurisdictions that already provide such rights.  Ireland, however, is a common law jurisdiction like the U.S. and the UK, and as such, depends largely on evolving case law to define the scope of various rights and obligations.

Consequently, some commentators have raised questions about whether Irish law adequately protects third-party beneficiaries, since Ireland still retains the doctrine of privity of contract, a concept with effectively holds that only parties to a contract can enforce it.  That said, Irish courts have gradually pared back this doctrine over the years, declining to enforce it strictly and tending instead to take a broader, more equitable view that allows for exceptions.  In particular, Irish courts have deferred to the legislature where it has introduced laws that explicitly include third-party rights.  Indeed, the original Irish data protection legislation served as a case in point, as it intentionally excluded the doctrine of privity, although this explicit exclusion was dropped from the final text of the Data Protection Act 2018.

While there are other grounds upon which an Irish court could nevertheless uphold third-party rights under data protection law, there remains some uncertainty over how the new SCCs would protect third-party beneficiaries under Irish law in the same manner as the civil law systems of other European countries.  Perception of a problem can itself be a problem.

The Irish Department of Justice has indicated that it is in the process of addressing this uncertainty by amending legislation to the Data Protection Act 2018.  They are working on a final draft for this amendment and intend to have it in place soon, before the new SCCs become operable.  Once such an amendment is finalized, Irish law will then will then explicitly offer specific protections for third-party beneficiaries of an international data transfer made pursuant to the new SCCs.

* * * * * * * * * * *

UPDATE: June 25, 2021

New Irish law was signed on June 24, 2021, to allow for third-party beneficiary rights in Irish data protection law.  This removes an ambiguity that had arisen for companies adopting the EC Standard Contractual Clauses and Binding Corporate Rules under Irish law.

Print:
Email this postTweet this postLike this postShare this post on LinkedIn
Photo of Marie Daly Marie Daly

Marie Daly brings a broad range of commercial and regulatory expertise across a variety of business sectors. She is recognised as being a practical, straightforward, and commercially focussed lawyer; with a proven capacity to influence at all levels within business and to contribute…

Marie Daly brings a broad range of commercial and regulatory expertise across a variety of business sectors. She is recognised as being a practical, straightforward, and commercially focussed lawyer; with a proven capacity to influence at all levels within business and to contribute to policy and legislative development.

With a background as a litigator, employment lawyer, and lobbyist, Marie served as the general counsel of Ibec, the largest Irish lobby and business representative group, for over 16 years before joining the firm. She was responsible for ensuring competition compliance for 38 trade associations and also developed a data protection compliance regime in recent years.

Marie has significant corporate governance experience in the private and public sector having also served as a Board member of two Irish regulators.

Marie is a member of the Irish Company Law Review Group appointed by the Minister of Business Enterprise and Innovation, and was deeply involved in the drafting of the comprehensive new Companies Act 2014.