On Thursday, July 16, 2020, in a case examining transfers of data from the EU, the Court of Justice for the European Union issued a ruling invalidating the use of Privacy Shield. The EU-US Privacy Shield Framework was developed and agreed to by the European Commission and the US Department of Commerce in 2016. It enabled US organizations certified under the programs to legitimately receive personal data from the EU. In response to the invalidation of Privacy Shield the European Data Protection Board announced it is ready to work with the US to create a replacement data transfer framework.
The Federal Data Protection and Information Commissioner in Switzerland followed in the footsteps of the EU on September 8, 2020, determining the Swiss-U.S. Privacy Shield fails to provide an adequate level of protection for personal data transferred from Switzerland to the United States.
Despite the uncertainty around Privacy Shield, customers can be assured that Proofpoint has been, and will continue to be, committed to complying with applicable data protection law. That commitment had previously included overlapping protections under both the Standard Contractual Clauses and Privacy Shield frameworks as well as robust privacy and security measures in accordance with GDPR, the Australian Privacy Act and most recently, the California Consumer Privacy Act. Proofpoint will also continue to have annual security audits and penetration testing performed by independent auditors and testing organizations. Proofpoint will continue to process all data with all protections required under applicable data protection law. For more detailed information on Proofpoint’s commitment to data protection, please refer to our Trust Site.
As a Privacy Shield-certified organization, Proofpoint understands that existing data processing agreements that relied on Privacy Shield now need to be updated with an alternative mechanism. As the Standard Contractual Clauses remain a valid mechanism for data transfers from the EU to the US, any customer wishing to enter into the Standard Contractual Clauses can do so by signing a Data Protection Agreement including the SCCs, which can be found on the Trust site.
Proofpoint is continuing to monitor this topic and will update the Trust Site as new information becomes available.
© 2022. All rights reserved. The content on this site is intended for informational purposes only.
Last updated April 27, 2022.