SCHREMS II and NEW EUROPEAN STANDARD CONTRACTUAL CLAUSES FAQ
Q1. What did the July 2020 Schrems II decision mean for Informatica customers?
A1. Informatica customers can continue to use Informatica cloud services to process European personal information. There is no change to the operation of Informatica services, and all related transnational data flows that were legal before the Schrems II decision can continue legally after it. All transfers that previously occurred under the Privacy Shield now proceed under Standard Contractual Clauses. Informatica anticipated the Schrems II decision and designed its standard data processing agreement (DPA) to automatically revert to Standard Contractual Clauses if the Privacy Shield is invalidated.
Q2. What do the June 2021 Standard Contractual Clauses mean for Informatica customers?
A2. Customers that already rely on the Standard Contractual Clauses to transfer European personal data to Informatica services need to sign the new Standard Contractual Clauses with Informatica before 27 December 2022. New transfers, such as use of new Informatica services, that begin after 27 September 2021 will immediately require the new Standard Contractual Clauses to be signed.
Q3. Does my company need to sign a new Data Processing Agreement with Informatica in order to sign the new Standard Contractual Clauses?
A3. No. Customers can sign an amendment to their existing DPA that only adds the new Standard Contractual Clauses.
Q4. How can my company sign new Standard Contractual Clauses or a new Data Processing Agreement with Informatica?
A4. Customers can create their own signable version of Informatica’s customer DPA at this link. Customers who already have a DPA but wish to sign separate Standard Contractual Clauses can use this link.
Q5. Is Informatica subject to the sort of US government surveillance that led the CJEU to terminate Privacy Shield?
A5. The CJEU expressed concern about intelligence collection programs under Section 702, also referred to as the FISA Amendments Act, and under Executive Order 12333. Informatica can confirm that it has never been issued a FISA directive for customer data by the US government under section 702. Similarly, Informatica is not aware of any intelligence gathering related to its services under EO 12333 and does not believe it would be possible in light of Informatica’s use of strong encryption in transit.
Q6. Will Informatica comply with government requests for customer data?
A6. Although Informatica will comply with all obligations under law, we will raise all appropriate and available challenges relating to both any obligation to produce information and any nondisclosure obligation regarding the existence or substance of the request.
Q7. Is data processed by Informatica secure from unauthorized surveillance?
A7. All products on our Informatica Intelligent Cloud Services platform encrypt all data in motion (even traffic within a pod) and all data at rest (at both file and database level).
