Fathom Analytics Fathom Analytics

The Schrems II Judgement (Privacy Shield invalidation)

Paul Jarvis, co-founder Fathom Analytics

Written by Paul Jarvis

Published on: July 24th, 2020
The Schrems II Judgement (Privacy Shield invalidation)

Note: here is an update on the Schrems II Judgement.

We have closely followed the Court of Justice of the European Union (EUCJ) ruling on the Privacy Shield certification for US businesses, effectively making it invalid as of July 16, 2020. The ruling has a significant impact on numerous businesses across the world.

Several data protection authorities (DPAs) across the EU have provided statements on the ruling. However, there is no unified conclusion or advice on how to manage it on a practical level. The ICO, the UK's DPA, advises for example to "please continue to (rely on the Privacy Shield) until new guidance becomes available".

What is Fathom Analytics doing?

We constantly monitor relevant changes to privacy regulations with a global impact, such as the GDPR and the coming ePrivacy Regulation. We also did a thorough GDPR review in May-June this year and appointed a Privacy Officer. We reviewed all data processors (including sub-processors), data flows, the personal data we process, legal grounds, retention periods and more, to ensure we comply with the GDPR in the best way possible.

Today, we process some personal data in the US. We will pay close attention to what European DPAs and the European Data Protection Board will advise going forward.

In the meantime, we have taken the following immediate actions

  1. We have familiarized ourselves with the ruling and the background for it
  2. We're in close dialogue with our Privacy Officer, a European based GDPR and privacy consultancy, on the practical implications for our company
  3. We're reviewing our current personal data inventory and data processors (including sub processors)
  4. We're reviewing our privacy risk assessments and will update these according to the ruling
  5. We have reached out to data processors we know are affected by this, and are awaiting their feedback
  6. We're reviewing other necessary actions continuously

As always, privacy is at the core of everything that we do at Fathom Analytics, and you can be certain that we take this ruling seriously. We will update this page going forward with further actions that might be necessary.

If you have any questions, feel free to contact us.

Sources/resources

Filed under: privacyReturn to blog →