1. CJEU Judgement:
The Court of Justice for the European Union issued a ruling on the 16th of July, 2020 in a case examining the validity of data transfers from the EU to the US on the basis of Privacy Shield and Standard Contractual Clauses (SCCs).
According to this ruling, the Privacy Shield has been invalidated and can no longer be used by organisations to transfer personal data from the EU to the US.
It is worth noting that the SCCs are still valid.
2. How does this affect your use of Zoho services?
Click here to know how to identify the DC in which your Zoho account exists.
Although Zoho declared adherence to the Privacy Shield, it was not the only basis available for transfers to the US. We have always allowed our customers to sign SCCs-based Data Processing Agreements (DPAs) with us. If you have not yet signed a DPA with us, you can do so by following the steps listed here in the Privacy FAQ.
In summary, if you've signed the DPA for data transfer from the EU to the US, it continues to be valid and there is no need for action.
With respect to the data that you share with us for the purpose of obtaining technical support, and our access to the EU DC from our other office locations in order to conduct debugging operations, please refer here to know our basis for the access.
We will also continue providing support to enable you to migrate* from the US DC to the EU DC if your organisation requires such a movement of the data.
* Please note : The ability may be limited and the duration of the migration may vary across each product