Today, the Court of Justice of the European Union (EU) issued a ruling that invalidates the EU-U.S. Privacy Shield framework, which is one of the mechanisms that allows for the transfer of personal data from the EU to the U.S. We understand some Snowflake customers may have questions about this decision.
We want all Snowflake customers to know that the court’s decision made clear the Standard Contractual Clauses (SCCs) remain a valid mechanism to transfer personal data from the EU. The SCCs will continue to allow our customers to legally transfer personal data from the EU through Snowflake’s service. Snowflake enters into the SCCs with our customers as part of our regular contract process.
Snowflake’s Data Processing Addendum, which we offer to all customers, has historically included two legal mechanisms for the transfer of personal data from the EU: (1) Snowflake’s certification to the Privacy Shield framework for transfers to the U.S. only, and (2) the SCCs. So, the court’s ruling does not change the legality of the transfer of personal data from the EU since the SCCs are still intact. In the rare scenario where a Snowflake customer has not already entered into SCCs with Snowflake, that customer can contact its Snowflake account representative who will facilitate the signing of the SCCs.
Snowflake understands the importance our customers place on safeguarding the personal data they load onto the Snowflake data cloud platform, and we work hard to ensure we earn your trust in this regard. As governments and judicial bodies around the world pass new legislation and issue rulings to protect individual’s personal data, Snowflake will continue to comply with all privacy laws applicable to our service, monitor changes in the law to ensure our ongoing compliance, and continually upgrade our data protection program and controls.
Snowflake’s approach to the privacy and security of our customers’ data is reflected in innovative security controls such as our Tri-Secret Secure technology and our compliance with GDPR and CCPA, as well as standards such as ISO/IEC 27001, SSAE SOC 2, Type II, FedRAMP, PCI-DSS, HIPAA, and others.
The privacy landscape is constantly evolving. Throughout that evolution, our customers can rely on Snowflake’s continued commitment to ensuring their data on our data cloud platform flows freely and remains protected.