Highspot’s update re Schrems II case & Privacy Shield

Recently, the Court of Justice of the European Union issued a decision in the “Schrems II” case (Data Protection Commissioner v. Facebook Ireland & Schrems), which confirmed that the European Commission’s Standard Contractual Clauses remain a legitimate mechanism for transferring personal data from the European Union to the United States, while also invalidating the Privacy Shield framework. Following this decision, the Federal Data Protection and Information Commissioner of Switzerland issued an opinion invalidating the Swiss-U.S. Privacy Shield. Highspot has included overlapping protections to ensure that this decision does not interrupt the safe transfer of personal data via a legitimate transfer mechanism. Highspot customers that signed our Data Processing Addendum or Agreement (DPA) or a similarly drafted DPA that includes the Standard Contractual Clauses as a valid data transfer mechanism can be assured of the safe transfer of personal data via a legitimate transfer mechanism. Our DPA is available to all customers and already included in our customer agreements.

Highspot is still certified under the EU-U.S. and Swiss-U.S. Privacy Shield. You can view Highspot’s certification here. Although the Court of Justice of the European Union declared the Privacy Shield mechanism “invalid,” Highspot remains committed to fulfilling its obligations under the Privacy Shield framework and to protecting transfers of personal data.

At Highspot, we deeply value your trust and take the protection of personal data very seriously, and we are committed to ensuring that our customers’ personal data can continue to flow freely between the EU and the U.S. with appropriate safeguards in place, and we will continue to partner with regulators and industry groups to make sure that our customers’ needs are met.