Lithuania: VDAI publishes FAQs on use of EU SCCs
On June 5, 2023, the State Data Protection Inspectorate (VDAI) published a set of frequently asked questions (FAQs) on the use of the EU Standard Contractual Clauses (SCCs).
In particular, the FAQs highlight that the SCCs apply only to data controller and data processor relationships and that where the data controller uses another service provider which is not a data processor, but is a separate data controller, the SCCs do not apply. In addition, the FAQs provide that the SCCs are optional and that data controllers can choose whether to use them and, if so, to what extent. However, where the SCCs are used, the provisions cannot be changed, except where they are specified to be changeable.
The FAQs also note that, in the SCCs, data controllers have the right to include terms included by a data controllers' own data processing agreement or other agreement, but that such other agreements cannot contradict the provisions of the SCCs.
Finally, the FAQs stipulate that contracts concluded in accordance with Article 28 of the General Data Protection Regulation (GDPR) are not the SCCs, and that parties cannot rely on the SCCs on the basis of data transfers to third countries or international organizations in accordance with Chapter V of the GDPR.
You can read the FAQs, only available in Lithuanian, here.