Privacy Shield Certification and Practices

For personal data transferred from the European Union, the UK, and Switzerland to third countries that do not ensure an adequate level of data protection, we will provide appropriate safeguards, such as through the use of Standard Contractual Clauses.

In addition, MaxMind has participated in the EU-US Privacy Shield Framework and the Swiss-US Privacy Shield Framework as set forth by the US Department of Commerce regarding the collection, use, and retention of personal data from the European Union, the United Kingdom and Switzerland to the United States, respectively. MaxMind has certified that it adheres to the Privacy Shield Principles of Notice, Choice, Accountability for Onward Transfer, Security, Data Integrity and Purpose Limitation, Access, and Recourse, Enforcement and Liability. In light of the judgment of the Court of Justice of the European Union invalidating Privacy Shield, MaxMind will continue to process personal data transferred in reliance on Privacy Shield using appropriate safeguards in accordance with the Privacy Shield Principles.

Invalidation of Privacy Shield

Although Privacy Shield was invalidated by the Schrems II decision, issued by the Court of Justice of the European Union (CJEU), MaxMind continues to adhere to the safeguards, requirements and standards that underlie the Privacy Shield.

The underlying protections that previously applied to Privacy Shield are still important and effective in the protection of data protection rights and freedoms. Moreover, the US Department of Commerce has dictated through its official channel that companies that previously used the Privacy Shield program are not relieved of their obligations under the program. Thus, as an organization that complies with the regulations in all jurisdictions in which we operate, we must comply with the changes based on the Schrems II decision, as well as continuing to implement the protections that underlie the Privacy Shield.

For cross border data transfers, MaxMind relies on the European Commission’s approved standard contractual clauses (SCC) and associated guidance released by the European Data Protection Board (EDPB), as adopted on June 18, 2021 to further protect our customers’ data. Learn more about how MaxMind handles cross border data transfers.

This page was last updated on .

Was this article helpful?