Is Netlify part of EU-U.S. Privacy Shield Program?

Is Netlify part of EU-U.S. Privacy Shield Program?
Can’t find the company in the privacy shield list.

hey @david-szabo97 the information I have on this is that we applied to be on the list about ~18 months ago, and we have received confirmation that our application was received, and that we have not been rejected or informed that we are not compliant in any way since we applied. We have not been added to the list (I do not have information on when it was last updated or how often they update the list) and we are acting in accordance with guidelines as if we were added to the list in all applicable areas.

Hope this helps…

I’ve just had a look at the list and Netlify is still not on it. Are there any updates on this?

We don’t have an update yet. Our status is still the same – applied, not rejected and still awaiting an update from the program. We did apply to be added to the list before GDPR was went in to effect and we’ll look into why we aren’t on the list shortly.

Hi, any update on this? We love Netlify but this is currently a dealbreaker for our customer.

Hello @simonme

Our Privacy Shield application is currently under review by the Department of Commerce. Once it has been approved, it will be listed publicly here:

Exciting update @simonme @geewee @david-szabo97: as of 02/13/2020, Netlify is now Privacy Shield certified. Our certification is listed in US DoC site:


Hello, I just received this email from Google:

We are writing to inform you of changes we’ve made to the G Suite/Cloud Identity Data Processing Amendment (DPA) in response to a Court of Justice of the European Union (CJEU) ruling on July 16, 2020. The CJEU ruling invalidated the EU-US Privacy Shield Framework but did not invalidate EU Model Contract Clauses (MCCs, also known as Standard Contractual Clauses) as a lawful transfer mechanism for personal data transferred outside of the EU, Switzerland or the UK (as applicable).

Since Netlify is also part of this (invalidated) privacy shield, what will it mean for us european users now?
Nothing will change, or maybe we’ll have to sign a new agreement to keep our websites on Netlify, or will the use of Netlify may become “illegal” and we’ll be forced to move our websites to other providers?

Hey @Cesco,

Our response on this matter is currently as follows:

No, Netlify can still hold such data. Netlify Data Processing Agreement (DPA) contains Standard Contractual Contract (SCC) languages that were provided by the EU commission to transfer data to establishment outside of the EU or European Economic Area. The SCC applies for both data controllers and processors. If you have signed a DPA with Netlify, no further action is required from you.

1 Like

Thank you very much! :heart:

1 Like