The following guide provides an overview and history of the General Data Protection Regulation (GDPR) and how Recurly supports its merchants in adhering to GDPR requirements
Privacy of data is one of the fundamental rights guaranteed to European citizens under the Charter of Fundamental Rights of the European Union (2012/C 326/02), thus businesses in Europe are legally obligated to ensure they adequately protect their data under GDPR.
In 1995, the EU passed the Data Protection Directive (DPD), which restricted European companies from sharing personal data outside of the European Economic Area (EEA) unless the recipient country had laws that provided similar data protection laws as the EU, and the data transfer occurred under binding corporate rules (BCRs) or standard contractual clauses (SCCs).
In 2000, the EU Commission approved Safe Harbor, which determined the US met the requirements of the DPD and allowed data transfers to the US. This was a lawful basis for data transfers to the US until 2015, when the European Court of Justice (CJEU) ruled it invalid due to US government having “access on a generalised basis to the content of electronic communications” in a ruling now known as “Schrems I” (after the name of the plaintiff that brought the lawsuit, Maximilian Schrems).
In 2016, a replacement for Safe Harbor was found in the form of the EU–US Privacy Shield. It also was challenged in CJEU by the same plaintiff, Maximilian Schrems and was also ruled invalid in July 2020 (known as “Schrems II”).
Since July 2020, the main way to lawfully transfer data from the EU to the US is via SCCs. This is what Recurly uses today as the lawful basis for transferring data to/from the EU.
Standard Contractual Clauses are exactly that; contractual terms that have been pre-approved by the European Commission to be used between companies in Europe and outside of Europe to establish a lawful basis for data transfers.
Given that Privacy Shield has been invalidated, Recurly now has a Data Protection Agreement that we offer our merchants that includes the SCCs. It is public and can be found our on our website here.
Updated about 1 month ago