On July 16, 2020, the Court of Justice for the European Union (CJEU) issued a ruling in a case invalidating the EU-US Privacy Shield Framework, one of the ways for companies to transfer data legally from the EU to the US. The ruling did not affect the Swiss-US Privacy Shield Framework, which remains valid. We know that some of our customers may have questions about how this ruling impacts their use of Mailchimp.
First, we want to reassure our customers that they can continue using Mailchimp in compliance with EU law. We have long provided our customers with two layers of protection for data transfers from the EU to the US in our Data Processing Addendum: compliance with the EU-US Privacy Shield Framework and Standard Contractual Clauses (SCCs).
While the ruling from the CJEU invalidated the EU-US Privacy Shield Framework, it doesn’t affect the SCCs, which remain a valid data export mechanism. Our agreements are structured in a way that the SCCs automatically take effect, so our customers are already protected by the SCCs. We will also continue to honor our obligations to protect EU, UK, and Swiss data in compliance with the Privacy Shield Principles.
We’re committed to protecting our customers' ability to transfer and process data on our platform. We're reviewing the Court's decision carefully. We're closely monitoring the situation for emerging guidance to determine whether we'll need to make any additional changes to our practices. Learn more about Mailchimp's data export compliance here.
Published July 16, 2020. Last updated on August 4, 2020.