The EU Commission and United States have confirmed a new adequacy decision for transatlantic data flows to the United States. While this does not impact Showbie directly as a Canadian company, we will review our partnership with US-based sub-processors to ensure the continued security of our customer data.
Showbie places a high priority on data protection and privacy for our users around the globe. We understand that our users, especially those residing in the European Union (EU), have concerns regarding the applicability of the EU-U.S. Data Privacy Framework (DPF) to Showbie. We would like to clarify that as a Canadian company, the EU-U.S. DPF does not have a direct impact on Showbie. We adhere to the data protection laws and regulations set forth by the Canadian government and the EU Commission reaffirmed the adequacy decision for Canada in 2019. We do, however, work with several US-based sub-processors and will review the implications of compliance and certification with the EU-U.S. DPF in our continued work with these companies.
We place immense importance on safeguarding the personal data of our users. When we engage with third-party sub-processors to assist in providing our services, we thoroughly vet them to ensure that they uphold strict data protection measures and adhere to applicable laws. To date, this has included the required use of EU Standard Contractual Clauses (SCCs) as the transfer mechanism for data transfers between the EU and U.S. As of July 17th, 2023, organizations that self-certify may begin relying on the EU-U.S. DPF to receive data transfers from the EU instead. Additional steps may be taken by organizations to rely on the UK Extension and the Swiss-U.S. DPF as well.
As of December 1, 2023, all of Showbie's US-based sub-processors are confirmed to be active participants of the EU-U.S. DPF and the UK Extension with the exception of Customer.io. We are in communication with Customer.io regarding their continued progress towards compliance. In the interim, data transfers to and from Customer.io remain protected via Standard Contractual Clauses.