Schrems II FAQ
Q1. What does this decision mean for Informatica customers?
A1. Informatica customers can continue to use Informatica cloud services to process European personal information. There is no change to the operation of Informatica services, and all related transnational data flows that were legal before the Schrems II decision can continue legally after it. All transfers that previously occurred under the Privacy Shield now proceed under Standard Contractual Clauses.
Q2. Does my company need to sign a new Data Processing Agreement with Informatica?
A2. No. Customers under an Informatica standard data processing agreement (DPA) do not need a replacement. Informatica anticipated the Schrems II decision and designed the DPA to automatically revert to Standard Contractual Clauses if the Privacy Shield is invalidated. The Standard Contractual Clauses remain a valid transfer mechanism. Customers under a nonstandard DPA should consult with their legal counsel to determine if separate Standard Contractual Clauses should be signed.
Q3. I’m not sure my company is covered by Standard Contractual Clauses. How can my company sign new Standard Contractual Clauses or a new Data Processing Agreement with Informatica?
A3. Customers can create their own signable version of Informatica’s customer DPA at this link. Customers who already have a DPA but wish to sign separate Standard Contractual Clauses can use this link.
Q4. Is Informatica subject to the sort of US government surveillance that led the CJEU to terminate Privacy Shield?
A4. The CJEU expressed concern about intelligence collection programs under Section 702, also referred to as the FISA Amendments Act, and under Executive Order 12333. It is not clear whether Informatica, as a B2B cloud service provider, would be the type of entity to which the US government is authorized to issue FISA directives under section 702. Informatica can confirm, however, that it has never received a request for customer data from the US government under section 702. Similarly, Informatica is not aware of any intelligence gathering related to its services under EO 12333.
Q5. Will Informatica comply with government requests for customer data?
A5. Although Informatica will comply with all obligations under law, we will raise all appropriate and available challenges to the fullest extent possible relating to both any obligation to produce information and any nondisclosure obligation regarding the existence or substance of the request.
Q6. Is data processed by Informatica secure from unauthorized surveillance?
A6. All products on our Informatica Intelligent Cloud Services platform encrypt all data in motion (even traffic within a pod) and all data at rest (at both file and database level).
