Recently the Court of Justice of the European Union issued a decision in the “Schrems II” case (Data Protection Commissioner v. Facebook Ireland & Schrems), which confirmed that standard contractual clauses can be a legitimate mechanism for transferring data from the European Union to the United States, while invalidating the Privacy Shield framework.
In anticipation of this outcome, we have had overlapping protections in place for several years which ensure our European customers’ compliance with international data transfer laws by relying primarily on standard contractual clauses executed through our Data Processing Addendum (DPA). Our DPA is available to all of our customers on free and paid plans. Slack customers can continue to use Slack in compliance with European law.
We are sharing this blog post today to highlight some of our safeguards and supplementary measures put in place to protect our customers from unauthorized access to their data.
We deeply value your trust and take the protection of your information very seriously. To learn more about our commitment to protecting the security and privacy of your data, please visit our Trust Center. The Trust Center contains more information about our enterprise-grade security program, which protects our organization and your data at every level while applying the same standard of protection across the globe, including in the U.S. Please see Slack’s security white paper for more information on our encryption standards and other technical and organizational measures in place.
We do not voluntarily provide governments with access to any data about users for surveillance purposes. Occasionally we get requests for access to data from law enforcement, and our standard is to carefully scrutinize each request and respond with the minimum amount of information in response to legitimate, legally mandated requests. Please see our Data Request Policy and Transparency Report for more information on the measures we put in place to protect you from unlawful surveillance or disclosure of your personal information.
Slack gives customers control over their data by offering tooling solutions and other features that provide more granular control and access to your data, including:
- Enterprise Key Management: Complete control and visibility of access to your data in Slack using your own encryption keys (available on Enterprise Grid).
- Data residency: Data residency for Slack allows global teams to choose the region where certain types of data at rest are stored, while fulfilling corporate policies and compliance requirements (available on Plus and Enterprise Grid). Please review our Help Center pages for more details on which data is stored at rest within the customer’s selected region.
We are committed to ensuring that our customers’ data can continue to flow freely between the EU and the U.S., and we will continue to partner with regulators, industry groups and similarly situated SaaS companies to make sure our customers’ needs are met.
If you have any questions, please reach out to firstname.lastname@example.org.