Cloudflare Certifies Under the New EU-U.S. Privacy Shield

Cloudflare has certified with the U.S. Department of Commerce for the new EU-U.S. Privacy Shield framework.

Beginning this summer, the U.S. Department of Commerce began accepting submissions to certify under the EU-U.S. Privacy Shield framework, a new mechanism by which European companies can transfer personal data to their counterparts in the United States. By certifying under Privacy Shield, Cloudflare is taking a strong and pro-active stance towards further protecting the security and privacy of our customers.

Since 1998, following the European Union’s implementation of EU Data Protection Directive 95/46/EC, companies in Europe wishing to transfer the personal data of Europeans overseas have had to ensure that the recipient of such data practices an adequate level of protection when handling this information. Until last October, American companies were able to certify under the U.S.-EU Safe Harbor Accord, which provided a legal means to accept European personal data, in exchange for assurances of privacy commitments and the enactment of specific internal controls.

However, after having been in effect for roughly fifteen years, in October 2015 the European Court of Justice overturned the Safe Harbor and declared that a new mechanism for transatlantic data transfers would need to be negotiated in light of changes in the way the Internet is used around the world. Authorities in Europe and the U.S. quickly accelerated discussions that had already been in process, with the result being the new Privacy Shield framework. This framework expands significantly upon the former Safe Harbor, improving and bolstering the privacy protections that Europeans can enjoy with respect to the handling of their personal data. While many of the obligations mandated by the Privacy Shield were already covered by the Safe Harbor, Privacy Shield greatly clarifies and builds upon the existing obligations of U.S. companies.

As a security company, the trust and safety of our customers is of paramount importance to Cloudflare. As such, we take our responsibility for, and commitment to, the privacy of our customers extremely seriously, and have strengthened our internal processes and controls to meet the new heightened requirements mandated by the European Commission. This includes updating our Privacy and Security Policy to provide additional details on what personal data we may collect and how it’s used. Although we’re a CDN, in many cases acting merely as a conduit for information inserted into our network by others, Cloudflare was certified under the U.S.-EU Safe Harbor Accord and complies with the new Privacy Shield Framework. In the event that you have any specific questions about the new Privacy Shield, more details can be found at privacyshield.gov/welcome or by reviewing our updated Privacy and Security Policy at cloudflare.com/security-policy.