We are proud to announce that the Privacy Shield certification for Rackspace has been finalized and is effective as of Oct. 24, 2016.
As noted in our previous blog post, the European Commission announced the adequacy decision of the privacy protections provided by the EU-U.S. Privacy Shield on July 12, 2016. The EU-U.S. Privacy Shield is now a new mechanism to comply with the EU personal data transfer requirements when transferring personal data from the European Union to the US. This new framework replaced the U.S.-EU Safe Harbor Framework that was invalidated in October 2015.
Rackspace completed its compliance assessment and filed the Privacy Shield application with the U.S. Department of Commerce in September 2016. Rackspace has certified that it adheres to the Privacy Shield Principles of Notice, Choice, Accountability for Onward Transfer, Security, Data Integrity and Purpose Limitation, Access, and Recourse, Enforcement and Liability. Click for our certification on the Privacy Shield website.
Rackspace also continues to maintain the U.S.-Swiss Safe Harbor certification regarding the collection, use, and retention of personal information from Switzerland.
Rackspace’s participation in the Privacy Shield and Swiss Safe Harbor programs is applicable to all personal information that is subject to the Rackspace Privacy Statement. The scope of Rackspace compliance with the Frameworks’ Privacy Principles is described in the Rackspace’s Privacy Shield and Swiss Safe Harbor Privacy Notice.
With respect to personal data that our customers store with Rackspace, Rackspace also defines its obligations in its customer agreements. As stipulated in the supplementary Privacy Shield Principle 10 (“Obligatory Contracts for Onward Transfers”), because adequate protection is provided by Privacy Shield participants, contracts with Privacy Shield participants for mere processing do not require prior authorization (or such authorization will be granted automatically by the EU Member States), as would be required for contracts with recipients not participating in the Privacy Shield or otherwise not providing adequate protection.