A recent Court of Justice of the European Union (CJEU) ruling impacts General Data Protection Regulation (GDPR) compliance requirements for transferring EU personal data outside of the European Economic Area (EEA). This ruling does not change InVision's commitment to our existing strong privacy practices.
Summary of the Decision
The CJEU’s judgment in Data Protection Commissioner v Facebook Ireland Limited, Maximilian Schrems Case on the 16th of July 2020 ruled that:
- The Standard Contractual Clauses (SCCs) remain valid; and
- The Privacy Shield does not constitute an acceptable legal mechanism to legitimize transfer of personal data to the US.
What does this mean for InVision’s users?
The CJEU has upheld the SCCs as a valid mechanism to transfer personal data outside of the EEA. This means that InVision customers can continue to rely on the SCCs included in the InVision Data Processing Addendum (InVision DPA) as a valid transfer mechanism under GDPR.
The InVision DPA with the SCCs is available for all InVision customers transferring data outside of the EEA, including to the US. InVision customers can therefore continue to use InVision’s services in compliance with the GDPR.
If you are an existing customer and have a DPA in place with InVision, you can continue to use InVision’s services in compliance with the GDPR.
If you are an existing customer and require a DPA, please follow this link, which will bring you to our DPA for your review and signature.
At InVision, Privacy is paramount, so be reassured that we are monitoring the privacy developments closely and we will keep you updated as things evolve. During this time, we will continue to follow our commitments under existing DPAs and our commitments under the SCCs.