Update on Privacy Shield Invalidation by the European Court of Justice

By Hasani Caraway, General Counsel

Published July 17, 2020
Last updated July 30, 2020

The Court of Justice of the European Union (CJEU) delivered its judgement in Data Protection Commissioner v Facebook Ireland Limited, Maximilian Schrems Case on the 16th of July 2020. The CJEU upheld the validity of the Standard Contractual Clauses (SCCs), which are a mechanism for the transfer of personal data to processors in third countries in order to comply with the General Data Protection Regulation (GDPR). However, the EU-US Privacy Shield, which facilitates the transfer of data between Europe and the United States, has been deemed invalid.

Summary of the Decision

  • Standard Contractual Clauses (SCCs) remain valid.
  • The Privacy Shield does not constitute an acceptable basis to legitimize transfer of personal data to the US.

Zendesk customers can continue to use Zendesk’s services in compliance with the GDPR. The CJEU’s ruling does not change our customers' ability to transfer personal data between the EU and the US while using Zendesk’s services.

Zendesk values our customers’ trust, and we share their same concerns over the privacy of our customers’ data. We offer our customers choices when it comes to privacy. Zendesk has obtained approval for its Binding Corporate Rules (“BCRs”) as a data processor for its customers’ data, which provides our customers with a robust mechanism to facilitate transfers of personal data from the EEA to members of the Zendesk family of companies when using our Services.

Further information is available in our press release of June 6th 2017. In addition, Zendesk offers its customers protections under the Standard Contractual Clauses (“SCCs”). Both the BCRs and the SCCs are incorporated into our Data Processing Agreement (“DPA”).

If you are a current customer and have a DPA with Zendesk, you can continue to use Zendesk’s services in compliance with the GDPR. However, if you have any questions please contact your account manager.

If you are a current customer and require a DPA, you can access the form as needed in your Customer Admin Console, or select the link below, which will bring you to our DPA: