Update from Marketo on the EU-US Safe Harbor Framework
Marketo takes privacy very seriously. We treat the data that our customers collect and use on our platform with the utmost sensitivity and employ strict policies and protections to help ensure the privacy of that information. With the recent invalidation of the Safe Harbor framework, we are offering our customers a data processing addendum (DPA) to our services agreement that incorporates the European Commission’s standard contractual clauses to allow compliance with European Union (EU) data protection law for the transfer of personal data. Marketo has pre-signed the DPA. For your convenience, a version of the DPA that can be executed through EchoSign is available here. Alternatively, a copy of the DPA can be downloaded from this page, signed and returned via email.
What is the EU-US Safe Harbor Framework?
The U.S. Department of Commerce and the European Commission agreed on a framework of data protection principles (the “Safe Harbor Framework”) that allowed companies in the U.S. to receive and process personal data from the EU. Marketo is certified under the Safe Harbor Program and many of our customers relied on Marketo’s certification for their compliance with EU data transfer laws. Additional information about the EU-US Safe Harbor Framework is available at the U.S. Department of Commerce’s Web site.
What did the European Court of Justice decide regarding the EU-US Safe Harbor Framework?
On October 6, 2015, the European Court of Justice (ECJ) issued a decision that invalidated the Safe Harbor Framework thereby ruling that the framework does not provide a valid legal basis for personal data transfers from Europe to the U.S.
What does the decision to invalidate the Safe Harbor Framework mean for my company’s use of Marketo services?
In the absence of Safe Harbor, companies transferring and receiving personal data from the EU can also comply with EU privacy law by signing standard contractual clauses, which consist of a set of contractual terms that have been approved by the European Commission. Marketo is making a DPA available to customers that incorporates these approved clauses into their Marketo services agreement. We do not require our customers to agree to the clauses, but want to offer this option in order to give our customers an additional path to meeting requirements under EU data protection laws.
How does my company incorporate the addendum to our Marketo services contract?
If e-signatures are accepted in your jurisdiction, Marketo offers a pre-signed DPA for execution through Echosign. An authorized representative from your company should complete all required information and sign the DPA. Upon clicking the “Click to Sign” link, a copy of the fully executed document will be sent to Marketo and to the signer.
Alternatively, the pre-signed DPA may be downloaded, printed, completed, signed and returned to Marketo via email per the instructions on the DPA.
What if I have additional questions?
Should you have questions about the Marketo DPA, please contact your Marketo Customer Account Manager or open a support case via the Marketo Support Portal at support.marketo.com.