- Privacy Shield
ORBCOMM’s Commitment to Privacy Regulations including the GDPR in light of the invalidation of Privacy Shield, Schrems II & Meta data transfer rulings.
ORBCOMM is committed to complying with the obligations set forth in the GDPR and the various rulings of the Court of Justice of the European Union issued a ruling which invalidated the validity of the EU-US Privacy Shield program under which the transfer of an EU resident’s Personal Data could be transferred to the United States. On 4 June 2021, the European Commission adopted implementing Decision 914/2021/EU on standard contractual clauses for the transfer of personal data to third countries pursuant Regulation (EU) 679/2016. In addition the Irish Data Protection Commission (“DPC”) recently held in an inquiry related to the transfer of Personal Information to the United States by the Facebook service. The decision states that Meta Ireland infringed Article 46(1) GDPR when it continued to transfer personal data from the EU/EEA to the USA following the delivery of the CJEU’s judgment in Data Protection Commissioner v Facebook Ireland Limited and Maximillian Schrems despite obtaining the direct consent of its customers and the implementation of updated Standard Contractual Clauses (“SCCs”) that were adopted by the European Commission in 2021 along the implementation of supplementary measures.
ORBCOMM is committed to maintaining its high standards of data security, transparency in the use of personal data. We make protecting and managing data a priority, in accordance with accepted industry standards and applicable regulations.
Where Do We Stand?
We are committed to the ongoing compliance with GDPR data protection requirements which apply to ORBCOMM as a data processor or controller, when applicable and to ORBCOMM affiliates in the United States as a data importer. The following have been critical to our ongoing compliance efforts:
International data transfers: ORBCOMM originally participated in both the Safe Harbor and Privacy Shield regimes for international transfers of Personal Data regarding transfers of data from the EU to the United States. With the guidance by the European Commission in support of Standard Contract Clauses (SCC) in place of the now-invalidated Privacy Shield framework and implementation of supplementary measures, ORBCOMM is continuously working to enhance our compliance with GDPR.
Data portability: The GDPR includes certain requirements on data processors and controllers for the portability of Personal Data. Our Data Processing Agreements include provisions that make clear our role as a data processor and commits our customers, as the data controllers, to complying with applicable laws, rules and regulations. ORBCOMM provides the portability of that data and we are continually enhancing and improving our systems to meet our customer’s needs, including such mechanisms as encryption, multiple security layers, and other standard industry approaches.
Version: June, 2023