Cross-border Data Flows
On Thursday, July 16, 2020, the Court of Justice of the European Union issued a ruling regarding two mechanisms used by entities to transfer personal data from the European Economic Area (EEA) to other countries under the General Data Protection Regulation (GDPR). The Court invalidated the EU-U.S. Privacy Shield Framework for transfers to the U.S., while upholding the validity of the Standard Contractual Clauses.
At Palo Alto Networks, we believe that privacy is important for our customers’ trust and we wish to reassure our customers that their data with Palo Alto Networks can continue to flow to the U.S. in compliance with the Court’s decision. Palo Alto Networks has been relying on the Standard Contractual Clauses, in addition to the Privacy Shield, to transfer customer data from the EEA to the U.S. Since the Standard Contractual Clauses remain valid, the ruling does not limit our ability to continue protecting our customers’ data while transferring it to the U.S., and it does not require any changes to our customers’ agreements or to our customers' use of our products and services.