Article 25 of the EU Data Protection Directive, governs trans-border data flows, and lays down the conditions for transfer of personal data of EU citizens outside EU/EEA.  Under this, free flow of information can only take place with a ‘third country’ if its data protection regime is considered ‘adequate’ by the EU. Only a handful of countries have been considered as ‘adequate’ by the EU (India is not part of this list). For countries that do not qualify as ‘adequate’, the Directive provides alternative legal instruments for data transfer which includes  Standard Contractual Clauses (SCCs) that is majorly used by the IT/BPO service providers in India to serve EU based clients. more