A recent legal unfolding regarding the EU-USA privacy relations took place yesterday (16th July 2020) with the declaration that the EU-US Privacy shield as invalid by the European Court of Justice due to the mass surveillance in the US.
I’m not too informed on the subject, but I’m posting this to start a conversation on the implications for CDCK users located in the EU or at least to bring awareness to the Discourse team to this issue.
For complaints under the Privacy Shields, CDCK has a contract with JAMS, an independent alternative resolution provider based in the United States. If we can’t resolve a complaint about Privacy Shield between us, you can submit a Privacy Shield claim through JAMS. Arbitrating through JAMS is free of charge to you. Under some circumstances, European Union users may invoke binding Privacy Shield arbitration, as a last resort.
Thanks @core, we’re well aware of the court ruling. We’ve actually been monitoring this since early 2018 based on previous court rulings.
Like nearly every company out there we’re working to understand exactly how the ruling and invalidation of Privacy Shield impact us. We’re also hoping that, like the BBC article mentions, that there is a grace period to allow time for a new agreement to be formed.
The important thing to note is that the ECJ did not rule SCCs invalid at this time, and we have a form DPA with SCC incorporated by reference for any customer that requests one.
At this time we don’t have much further to say. We’ll of course update our privacy notice as required, and make other changes as necessary to comply with relevant laws/regulations. None of that will happen instantly though. Those of us in the software world may be used to things moving quickly - the law doesn’t.