What Tealium Customers Should Know About the EU-US Privacy Shield Changes
It was a long weekend for many legal teams around the U.S. On Thursday, July 16th the Court of Justice for the European Union (CJEU) issued a ruling in a case examining transfers of personal data from the EU. We wanted to take a moment to write down what this means for Tealium customers and also provide some helpful information to further clarify this ruling.
- Court of Justice for the European Union (CJEU) ruling on Thursday invalidates the use of EU-US Privacy Shield
- CJEU did confirm the continued use of Standard Contractual Clauses (SCCs) for data transfers between the EU and U.S.
- The decision does not impair Tealium’s continued providing, and your use of, Tealium Services
- Tealium will update all Data Processing Agreements (DPA’s) with Standard Contractual Clauses, if and where needed.
What Was Decided?
The European Union (EU) has several laws addressing the protection of personal information of EU residents, among them the now famous General Data Protection Regulation, or GDPR. There are a few methods in place that provide assurance to EU residents that their personal data that is transferred to the U.S. is carefully protected. One of the most popular methods was certification with the EU-US Privacy Shield framework. The EU-US Privacy Shield was a way to transfer data back and forth for processing while maintaining EU data privacy standards set by GDPR.
The other method of protection is Standard Contractual Clauses or SCC’s. SCCs are as the name suggests, templated clauses that the European Commission wrote, outlining a range of rights and responsibilities in line with the GDPR. Thursday’s ruling by the CJEU invalidated the use of Privacy Shield going forward but did validate continued use of Standard Contractual Clauses.
What Should Tealium Customers Know?
First, we want to make it clear to our customers that last Thursday’s ruling by the CJEU does not affect Tealium’s ability to continue to provide our services to our customers/prospects, or the ability of our customers to use Tealium services. Consumer data privacy is at the heart of our tools, services, and architecture. We put guidelines and business processes in place to protect our customers and their data based on new laws and regulations like the one passed down last week.
Tealium’s standard data processing agreement (DPA) for its European customers and Tealium’s data protection and processing policies allowed for Privacy Shield as the default for EU-US personal data transfers, and that agreement further provides an automatic fall-back to the SCC’s in the event the Privacy Shield framework was invalidated.
Our dedicated Tealium Data Privacy Team continuously monitors developments around the globe in regards to ever-changing laws around personal data protection and any guidance issued by the relevant authorities. We are committed to continuing to provide our services to you uninterrupted and in compliance with relevant regulations.
Any customer that has questions or concerns based on this ruling can contact Tealium at [email protected] and we are happy to help.