EU-US DATA PRIVACY FRAMEWORK FAQ
Q1. What does the new EU-US Data Privacy Framework (DPF) mean for Informatica customers?
A1. There is no change to the operation of Informatica services, and all related transnational data flows continue unchanged. Transfers that previously occurred under the Standard Contractual Clauses either continue continue to do so or now occur under Informatica’s Controller or Processor Binding Corporate Rules ("BCRs"), which recently went into effect. See - https://www.informatica.com/binding-corporate-rules.html for more information on the BCRs.
Q2. What is Informatica’s position on the new DPF?
A2. The DPF is an efficient legal mechanism for transferring personal data from Europe to the USA. Although Informatica is unlikely to rely significantly on the DPF for our own transfers, we nevertheless welcome its entry into force. Approval of the DPF is an important indicator that governments in both Europe and the USA recognize the importance of these data flows to our global economy. Europe is a world leader in data protection, and our expectation is that other countries will follow Europe’s lead in avoiding unreasonable transfer restrictions.
Q3. Does my company need to sign a new Data Processing Agreement with Informatica to take advantage of the DPF?
A3. The vast majority of customers are likely content with existing data transfers under the Standard Contractual Clauses or Processor BCRs. Customers may notify their Informatica representative if they have a reason to prefer use of the DPF instead.
Q4. How can my company sign a new Data Processing Agreement with Informatica?
A4. Customers can create their own signable version of Informatica’s customer DPA here.
Q5. Is Informatica subject to the sort of US government surveillance that led the EU Court of Justice (CJEU) to terminate the predecessor to the DPF, the Privacy Shield?
A5. The CJEU expressed concern about intelligence collection programs under Section 702, also referred to as the FISA Amendments Act, and under Executive Order 12333. Informatica can confirm that it has never been issued a FISA directive for customer data by the US government under section 702. Similarly, Informatica is not aware of any intelligence gathering related to its services under EO 12333 and does not believe it would be possible in light of Informatica’s use of strong encryption in transit.
Q6. Will Informatica comply with government requests for customer data?
A6. Although Informatica will comply with all obligations under law, we will raise all appropriate and available challenges relating to both any obligation to produce information and any nondisclosure obligation regarding the existence or substance of the request.
Q7. Is data processed by Informatica secure from unauthorized surveillance?
A7. All products on our Informatica Intelligent Cloud Services platform encrypt all data in motion (even traffic within a pod) and all data at rest (at both file and database level).