Protecting our users’ personal data is one of our top priorities. To this end, we continually take all necessary steps to update our processes and policies to meet data privacy rules.
Based on a new ruling in the EU Court of Justice on July 16, 2020, we have adjusted the way we transfer data.
The July 16, 2020 decision and its significance
On July 16, 2020 the EU Court of Justice (CJEU) delivered a ruling in the case known as Schrems II. The court decided that:
- The Privacy Shield is no longer considered an adequate mechanism for Europeans’ personal data transfers to the US.
- The Standard Contractual Clauses (SCC), another commonly used mechanism for transatlantic data transfers, still ensures compliance with the level of protection required by EU law.
This case is significant because EU regulations (including GDPR) require an adequate data transfer mechanism that allows US-based services to transfer and process EU personal data.
By invalidating Privacy Shield as an appropriate data transfer mechanism between the EU and US, SCCs remain, for now, the most realistic option for the transfer of personal data outside of the European Economic Area (EEA).
Impact on TalentLMS
We strive to ensure that TalentLMS and our sub-processors follow the same data protection obligations at all times.
As a result of this new ruling, we’ve put new processes in place and updated our information. Namely, we have:
- Removed any reference to the now invalidated Privacy Shield transfer mechanism
- Incorporated the Standard Contractual Clauses (SCC) in our DPA.
|Note: TalentLMS data transfers are subject to the latest versions of the SCC approved by the European Commission, as published in the Official Journal of the European Union. This means TalentLMS (and, by our extension, our customers) will always be compliant with respect to the processing of personal data while using our platform.|
What you need to do
The DPA is an integral part of your agreement with TalentLMS and automatically binding for both TalentLMS and the Customer. So, with this new ruling, you don’t need to take any action.
If you have signed a previous version of the Data Processing Agreement (DPA), we recommend you sign the new version available here.