EU-US Data Privacy Framework and Adequacy Decision

By Shannon Ralich, Vice President, Associate General Counsel, Privacy, Product, Employment, Litigation & IP

Last updated July 28, 2023

Zendesk has long been committed to delivering trustworthy products to our customers and their users. We believe that trust is at the core of all our interactions with our customers.

Zendesk applauds the adoption of the adequacy decision for the EU-US Data Privacy Framework by the European Commission. This provides greater legal certainty to thousands of companies that depend on EU-US data transfers. Zendesk maintained our certification to the Privacy Shield Framework, which enables a quick transition to the new Framework. Zendesk is currently taking steps to complete the transition. To learn more about the Data Privacy Framework and to view our certification, please visit:


After the Schrems II decision in July 2020, Zendesk highlighted the numerous security and privacy measures it takes to secure customer data, including Zendesk’s long-held Binding Corporate Rules (“BCR”), which provide an additional transfer mechanism and protections that remain valid.

What does the new EU-US Data Privacy Framework address?

The EU-US Data Privacy Framework addresses two concerns of the European Court of Justice: (1) scope and proportionality of U.S. security surveillance activities; (2) availability of redress mechanisms for EU individuals. The European Commission’s statement on the updated EU-US Data Privacy Framework is available here.

Have questions? Please contact your Zendesk account executive or the Zendesk privacy team at