Data Security

Security Bulletin: Privacy Shield

The European Court of Justice’s recent ruling on Privacy Shield invalidated the data-sharing mechanism this week. The court’s decision, combined with their reaffirmation of the use of standard contractual clauses (SCCs), further aligns data transfers between the EU and the United States with the General Data Protection Regulation (GDPR). This follows recent efforts in the US to implement similar regulations, most notably the California Consumer Privacy Act, Maine’s Act To Protect the Privacy of Online Customer Information, and Nevada’s Internet Privacy SB 220.

We’ve followed speculation over what the resulting economic impact to American and European companies will be. Companies and software users are more focused than ever on data security, even without the oversight of global governments. Flatfile already enforces internal data compliance beyond Privacy Shield requirements including the AICPA SOC2 and HIPAA. In the same ruling invalidating Privacy Shield, another data transfer mechanism, Standards Contractual Clauses, was upheld by the court, so there is ready resolution for American companies who have prioritized data security.

The US Department of Commerce and the EU Data Protection Supervisor have released statements in light of the European Court of Justice’s ruling. In the meantime, you can expect the team here at Flatfile to continue holding our security to a higher standard than any singular certification. Flatfile provides standard contractual clauses to meet the data processing requirements of the European Commission if this is a requirement for your business. If you would like to request a SCC or have any questions, please reach out to hello@flatfile.io.

Our team’s first priority is, and always will be, data security.

Want to learn more about the Flatfile Data Exchange Platform?

See how it works