Yesterday, the European Union Court of Justice ruled the U.S.- EU Safe Harbor framework invalid.
In place since 2000, the framework offered an established data transfer compliance mechanism that enabled U.S. companies, including Rackspace, to export and handle personal data from the EU. More than 4,000 U.S. companies used this framework.
Rackspace has been anticipating and preparing for such a ruling for some time, and, thanks to additional safeguards already in place, the change should not significantly impact Rackspace.
Data transfers across the Atlantic are continually under discussion and Rackspace has been advocating for ways to improve the existing legal framework for international data transfers for a number of years now.
Rackspace does not solely rely on its Safe Harbor certification and has alternative mechanisms in place for its customers – such as EU Model Clauses and data processing agreements – that allow for data transfers from the EU to the US.
We also have an intracompany data processing agreement in place reflecting the standards of the EU Data Protection Directive. These data transfer mechanisms, along with our various reports on compliance regarding the technological and organizational measures we have in place, should help to meet the EU data controllers’ obligations under applicable data protection law.
While Rackspace cannot advise customers on how the ruling impacts them specifically, we have always worked with our customers to ensure we have processes in place to help our customers comply with their international data transfer requirements, and that will not change.
In the rare event that our existing data transfer mechanisms prove insufficient for our customers, and customers require EU Model Clauses or data processing agreements in addition to these safeguards, we are more than happy to continue assisting our customers with these requests.
We are committed to helping our customers navigate through this transition period with alternative data transfer mechanisms to help them minimize their compliance risk.
For more information, contact firstname.lastname@example.org.