Transferring personal data out of Europe: updating Zoom’s DPA

Every day, Zoom’s platform connects millions of people from around the world.  To deliver our services, we may sometimes need to transfer customer data across international borders. Zoom's Data Processing Agreement (DPA) includes special provisions drafted by the European Commission called the “Standard Contractual Clauses” or “SCCs,” that outline the procedure for when European resident data — including residents of the United Kingdom (UK) — are involved in these transfers and subsequently leaves Europe. Due to changes to the SCCs, we are providing this information and instructions for Zoom customers using Zoom to process European resident data and that have a DPA that needs to be updated with new SCCs as described in detail below. 

The SCCs have been updated (see the new SCCs) and companies have until 27 December 2022 to update their DPAs accordingly. These new SCCs introduce stronger data protection, such as “know-your-transfer” obligations, that require parties to conduct a case-by-case assessment of the legality of each data transfer. Such an assessment is called a “Data Transfer Impact Assessment” or “DTIA.”

Zoom incorporated the new SCCs in Zoom’s DPA in February 2022, meaning those Zoom customers whose use of the Zoom services is governed by Zoom’s online Terms of Service from that time are protected by the new SCCs. No further action is required for these customers. 

For customers whose DPAs still contain the old SCCs:

1. Customers who have purchased online or have executed a Zoom quote with Zoom may choose to execute Zoom’s updated DPA using the instructions provided below.
2. Customers who have executed a Master Subscription Agreement and separate Data Processing Agreement with Zoom may update their agreement by contacting their sales executive. If you need assistance contacting your sales executive, please contact Zoom Support.

Following a successful collaboration between Zoom and the Dutch government,  Zoom updated its standard global DPA in February 2022 to include improved protections and transparency commitments such as enhanced audit rights, clarification of controller and processor roles and obligations, strengthened protections around government access requests, and increased operational flexibility. These changes were built on the existing robust safeguards that Zoom offers. Together with our Transparency Report and DTIA, these changes offer Zoom customers the tools they need to understand our data protection practices. 

Companies who have purchased online or have executed a Zoom quote with Zoom that wish to replace their existing DPA with Zoom’s updated DPA can click this link. 

The signing authority of your organization is the appropriate person to sign the new DPA. If you are not sure, please check with your legal team.

Zoom’s updated DPA accounts for the U.K.'s GDPR requirements and includes the appropriate U.K. transfer mechanisms. 

If you signed with Zoom for the first time prior to September 2021, chances are you have a version with the old SCCs and you can choose to replace that DPA with Zoom’s new and improved DPA. 

Please contact your sales executive who will work with you to update your DPA accordingly. If you need assistance, please contact Zoom Support.

The short answer is no. The SCC version included in your DPA does not have a direct impact on the provision of Zoom’s services. 

You may be eligible to leverage this process if you meet the following criteria:

• You are subject to compliance with the European Union’s General Data Protection Regulation (GDPR)
• You purchased Zoom services online or executed a Zoom quote with Zoom prior to February 2022

If you need assistance contacting your sales executive, please contact Zoom Support. For additional questions please contact privacy@zoom.us