At Palo Alto Networks, we believe that privacy is important for our customers’ trust.

Cross-border Data Flows

On Thursday, July 16, 2020, the Court of Justice of the European Union issued a ruling regarding two mechanisms used by entities to transfer personal data from the European Economic Area (EEA) to other countries under the General Data Protection Regulation (GDPR). The Court invalidated the EU-U.S. Privacy Shield Framework for transfers to the U.S., while upholding the validity of the Standard Contractual Clauses.

At Palo Alto Networks, we believe that privacy is important for our customers’ trust and we wish to reassure our customers that their data with Palo Alto Networks can continue to flow to the U.S. in compliance with the Court’s decision. Palo Alto Networks has been relying on the Standard Contractual Clauses, in addition to the Privacy Shield, to transfer customer data from the EEA to the U.S. Since the Standard Contractual Clauses remain valid, the ruling does not limit our ability to continue protecting our customers’ data while transferring it to the U.S., and it does not require any changes to our customers’ agreements or to our customers' use of our products and services.

Our Privacy Program

How we handle personal information

How our products process personal information

We have developed resources to help our customers address the privacy impact of our products. Read our privacy datasheets to learn how our products collect information, what we do with it and how we protect it.

Our published specifications provide information on how customers can configure products and services to manage the privacy of their personal data.

When you visit our websites and portals

Our online privacy statement tells individuals what data we collect about them when they visit our websites, what we do with it, and how they can exercise their rights.

Palo Alto Networks as a Data Controller

With respect to our products and services, we perform certain data processing activities as a data processor and other data processing activities as a data controller.

Privacy Resources


Palo Alto Networks does not retain, use, or disclose personal information of California consumers for any purpose other than as described in the End User Agreement between Palo Alto Networks and its customers. For information about Palo Alto Networks and CCPA, click below.

Learn more

Data Processing Agreement

Our customers' data controllers can ensure alignment with GDPR contractual requirements by downloading our pre-signed Data Processing Agreement.

Information security measures

Privacy by Design

We apply Privacy by Design in our software development lifecycle, and we determine, map and document how our products process personal information. Our Privacy by Design is based on a Privacy Decision Framework. Product managers apply the Framework to develop privacy-compliant product requirements.

Data location and data transfer

We are a global company and we understand our customers’ desire to control the location of their data. For many of our products and services, the system administrator has the ability to configure products and services so that they process data only within a chosen region.

Cloud Act FAQ


We use selected sub-processors to support the delivery of our products and services.

Sub-processors for each product are listed in the applicable privacy sheets.

Privacy Data Sheets

List of Subprocessors

Our tools for privacy

Our Product Privacy Datasheets provide the information needed to start a Data Protection Impact Assessment.

Compliance with GDPR

Find information about our GDPR readiness and access tools and resources on our GDPR readiness page.
