Frequently Asked Questions on Data Transfers

These Frequently Asked Questions set out the data protection mechanisms used by Verizon Media EMEA Limited (Verizon Media) when transferring personal data from customers and users residing in the European Union and the European Economic Area (EU/EEA) to other regions.

What did the Court of Justice of the European Union ("CJEU") rule in the Schrems II judgment?

On July 16, 2020, the CJEU invalidated the EU-US Privacy Shield framework, one of the mechanisms that enabled organisations based in the EU/EEA to transfer personal data to organisations based in the United States. Other mechanisms to transfer personal data outside the EU/EEA (for example, Standard Contractual Clauses ("SCCs") and Binding Corporate Rules) remain valid.

The CJEU also said that additional safeguards may be required when the laws around access to personal data by public authorities in the recipient country do not ensure a level of protection essentially equivalent to that guaranteed within the EU/EEA. 

Does Verizon Media transfer data outside of the EU/EEA? If yes, to which countries?

As stated in our Privacy Policy, we transfer personal data to our affiliates and third party suppliers that are established in countries outside of the EU/EEA. 

When we transfer data to our affiliates, the countries to which we transfer personal data are: United States, Canada, Singapore, Taiwan, and Israel.

What data protection mechanisms does Verizon Media use when transferring personal data outside of the EEA/EU?

As stated in our Privacy Policy, when Verizon Media transfers personal data outside of the EU/EEA, we rely on the following mechanisms:

  • adequacy decisions adopted by the European Commission. For example, these enable Verizon media to transfer personal data to Israel and to businesses in Canada.
  • SCCs adopted by the European Commission 

Before the decision from the CJEU, we had used Privacy Shield as a mechanism for transferring EU/EEA personal data to companies based in the United States that were certified under the EU-US & Swiss-US Privacy Shield Programme. We are working with those companies to establish alternative data protection mechanisms. 

How does Verizon Media provide a level of data protection in third countries where we store data similar to that afforded in the EU/EEA?

Where we transfer personal data to third countries, Verizon Media and our affiliates continually evaluate the level of protection in place and have a range of technical and organisational controls in place to ensure an adequate level of protection. In addition to the contractual safeguards in the SCCs we use, some of the additional safeguards we have in place include encryption throughout our environment, access controls and specific data protection training to employees. We also have a robust process to handle data requests from government authorities (see below). Verizon Media looks forward to regulatory guidance from the European Data Protection Board in relation to additional safeguards which organisations might put in place following the CJEU ruling.

What is Verizon Media's approach to government requests for access to data?

Verizon Media and its affiliates carefully review all government requests and only disclose data where we have received valid legal process, or in limited emergency situations where disclosure without delay is necessary to prevent imminent danger of death or serious physical injury. All government data requests are assessed in accordance with the following three global principles:

  1. Minimise disclosure of user data and restrictions to freedom of expression online 
  2. Protect human rights, including the rights to privacy and freedom of expression 
  3. Be accountable and transparent with our users 

To ensure full accountability and transparency with our users, Verizon Media publishes a bi-annual Transparency Report. This Report contains information relating to our responses to requests from government authorities in relation to law enforcement and national security. For more information, please visit our Transparency Report page.

Do Verizon Media and its affiliates reject requests for data from U.S. government bodies?

When we receive a request for personal data from a government body, we carefully review the scope of data to be provided and interpret the request narrowly to disclose the least amount of data necessary to comply with the request. We have previously refused or objected, and will continue to reject or object to, requests that are overbroad or inconsistent with the applicable laws.  

How can I obtain further information from Verizon Media?

For general information about how Verizon Media collects, uses and shares data, or to contact our Customer Support team or our Data Protection Officer, please visit our Privacy Centre.  If you are a business partner of Verizon Media, please reach out to your Verizon Media point of contact.