Cookies on Pinsent Masons website

Our website uses cookies and similar technologies to allow us to promote our services and enhance your browsing experience. If you continue to use our website you agree to our use of cookies.

To understand more about how we use cookies, or for information on how to change your cookie settings, please see our Cookie Policy.

E-signatures can prove conclusion of data processing agreements

The use of electronic signatures (e-signatures) can prove that data processing contracts have been concluded and their terms agreed to, the EU's justice commissioner has said.12 Sep 2018

Věra Jourová said that it is possible for data processing contracts to be entered into digitally, but that it is not necessary for those agreements to be signed electronically for them to have effect.

Jourová's comments were made in response to a question posed by MEPs.

The outsourcing of data processing must be governed by contracts under the General Data Protection Regulation (GDPR). Those contracts bind the data processors to adhere to the conditions on data processing stipulated in the contract by data controllers. The contracts can be in electronic form.

Jourová said "The rules for entering into contracts or other legal acts, including in electronic form, are not set forth in the GDPR but in other EU and/or national legislation. The e-commerce Directive (Directive 2000/31/EC) provides for the removal of legal obstacles to the use of electronic contracts. It does not harmonise the form electronic contracts can take. In principle, automated contract processes are lawful. It is not necessary to append an electronic signature to contracts for them to have legal effects. E-signatures are one of several means to prove their conclusion and terms."

"A legal act may be an ordinance or other type of administrative decision whereby controllers vested in public authority may stipulate the conditions for processing personal data on their behalf," she said.