On July 16, the Court of Justice of the European Union issued a ruling which invalidated the validity of the EU-US Privacy Shield program under which the transfer of an EU resident’s Personal Data could be transferred to the United States. On 4 June 2021, the European Commission adopted two implementing decisions containing standard contractual clauses for the processing and transfer of personal data in compliance with the GDPR.
ORBCOMM is committed to maintaining its high standards of data security, transparency in the use of personal data. We make protecting and managing data a priority, in accordance with accepted industry standards and applicable regulations.
Where Do We Stand?
We are committed to the ongoing compliance with GDPR data protection requirements which apply to ORBCOMM as a data processor or controller, when applicable and to ORBCOMM affiliates in the United States as a data importer. The following have been critical to our ongoing compliance efforts:
International data transfers: ORBCOMM originally participated in both the Safe Harbor and Privacy Shield regimes for international transfers of Personal Data regarding transfers of data from the EU to the United States. With the new guidance by the European Commission in support of Standard Contract Clauses (SCC) in place of the now-invalidated Privacy Shield framework, ORBCOMM is implementing SCCs to solidify our compliance with the requirements of GDPR.
Data portability: The GDPR includes certain requirements on data processors and controllers for the portability of Personal Data. Our Data Processing Agreements include provisions that make clear our role as a data processor and commits our customers, as the data controllers, to complying with applicable laws, rules and regulations. ORBCOMM provides the portability of that data and we are continually enhancing and improving our systems to meet our customer’s needs, including such mechanisms as encryption, multiple security layers, and other standard industry approaches.