On Thursday, the European Court of Justice ruled that the EU-U.S. Privacy-Shield (“Privacy Shield”) is invalid. The Privacy Shield is a framework for allowing transfers of personal data from the EU to the U.S., including transfers by educational companies like Blackboard. Blackboard has been Privacy Shield certified as one part of our approach to protecting our EU clients’ personal data. We are carefully assessing the implications of the judgement and determining the best options to continue to adequately protect the personal data of our EU clients that is accessed outside of the EU.
Protection of our client’s data is of the utmost importance to us at Blackboard. As such, we have a multi-level privacy approach which includes applying the high EU General Data Protection Regulation (GDPR) standards globally, and adding contractual protections for transferred data through intra-group agreements. Our regional hosting strategy means that personal data of our EU clients is stored in the EU for the majority of our products. We will continue to apply these protections to EU personal data.
In addition. we decided to implement the more robust Binding Corporate Rules (BCRs) data transfer mechanism. We submitted our BCRs in May 2019 to the Dutch Data Protection Authority (DPA). We are waiting for their assessment and authorisation.
We will therefore work urgently together with our clients to find the best interim solution to replace the Privacy Shield mechanism. We will provide further updates as we have more clarity on the implications of the judgement.
If you have any questions in the meantime, please do not hesitate to email us at email@example.com.