Privacy and Data Protection

Veeva FAQ: ECJ Decision Regarding the EU-US Safe Harbor Framework

In light of the European Court of Justice’s (“ECJ”) decision on October 6, 2015 regarding the validity of the EU-US Safe Harbor Framework, Veeva is providing its customers the opportunity to execute the European Commission’s (“EC”) standard contractual clauses (commonly referred to as the “EU Model Clauses”) in order to legally transfer personal data to Veeva in the United States.

What is the EU-US Safe Harbor Framework?

The EC and the U.S. Department of Commerce established the Safe Harbor Framework in 2000 as a means to legally transfer personal data from the EU to eligible U.S. companies that certified compliance with Safe Harbor principles.

What did the ECJ decide regarding the EU-US Safe Harbor Framework?

On October 6, 2015, the ECJ determined that EU-US Safe Harbor Framework cannot eliminate or even reduce the powers available to the national data protection authorities to investigate complaints by EU citizens even where, in the case of the United States, the EC had agreed that it afforded an adequate level of protection of personal data through the Safe Harbor principles. The impact is that Safe Harbor alone is no longer adequate legal validation for such transfers.

What does the ECJ’s decision mean for a customer’s use of Veeva services?

Rest assured that the ECJ decision has no effect on the security of our customers’ personal data. Veeva’s customers already have in place appropriate contractual commitments and coupled with regular and extensive audits and adherence to industry respected standards, customers have been and continue to be confident as to the level of protection of their personal data. Upon investigation, national data authorities would find that Veeva provides an adequate level of protection under the EU Directive on data protection. However, in order to assist our customers to more easily demonstrate this adequacy to national authorities, Veeva is offering to execute the EU Model Clauses with our customers. Please note that the EU Model Clauses will apply to the extent that there is not already another legal basis in place to validate the transfer of personal data from the EU to the U.S.

What are the EU Model Clauses?

The EU Model Clauses are contract templates developed by the European Commission as one mechanism for contracting parties to legalize the transfer of personal data outside of Europe. Provided the EU Model Clauses are not changed by the contracting parties, they automatically meet the requirements for a legal data transfer.

How does my company execute the EU Model Clauses with Veeva?

Veeva customers may access and electronically sign the EU Model Clauses populated with Veeva-specific details here.

For additional questions

If you have additional questions regarding Veeva’s approach to EU data privacy and the ECJ’s Decision Regarding the EU-US Safe Harbor Framework, please email data_privacy@veeva.com.