Datadog may transfer personal data internationally, including to the United States, and states it uses EU Standard Contractual Clauses for transfers from the European Economic Area and participates in the APEC Cross-Border Privacy Rules system.
This analysis describes what Datadog's agreement states, permits, or reserves. It does not constitute a legal determination about enforceability. Regulatory applicability and practical outcomes may vary by jurisdiction, enforcement context, and individual circumstances. Read our methodology
The policy identifies Standard Contractual Clauses as the primary transfer mechanism for EEA personal data, which requires Datadog to conduct transfer impact assessments where required and to maintain compliant SCC documentation; APEC CBPR participation provides a separate framework for Asia-Pacific transfers.
Interpretive note: The policy does not specify which SCC module versions are used or whether transfer impact assessments have been conducted, creating uncertainty about full GDPR Chapter V compliance posture.
Personal data from EU, EEA, and UK users may be transferred to the United States and other countries; the policy states that Standard Contractual Clauses are used as the legal transfer mechanism for EEA data, though the adequacy of protections in recipient countries depends on jurisdiction-specific assessments.
How other platforms handle this
At Ledger, earning and maintaining our users' trust is a top priority. That's why we are deeply committed not only to protecting your privacy and securing your personal data, but also to being fully transparent about how we handle it.
Your personal information may be transferred to, and maintained on, computers located outside of your state, province, country, or other governmental jurisdiction where the privacy laws may not be as protective as those in your jurisdiction.
Your personal information may be transferred to, stored, and processed in the United States or other countries outside of your country of residence, which may have data protection laws that are different from those in your country.
Monitoring
Datadog has changed this document before.
Receive same-day alerts, structured change summaries, and monitoring for up to 25 platforms.
"Datadog is a global company, and we may transfer your personal data to Datadog entities and to third parties in countries other than your own country, including the United States. We use Standard Contractual Clauses approved by the European Commission to transfer personal data from the European Economic Area to other countries. We also participate in the APEC Cross Border Privacy Rules system.— Excerpt from Datadog's Datadog Privacy Policy
REGULATORY LANDSCAPE: International transfers of EEA personal data engage GDPR Chapter V (Articles 44-49), including requirements for transfer impact assessments following the Schrems II ruling, and UK GDPR transfer requirements including the UK International Data Transfer Agreement. The APEC CBPR system provides a framework for transfers involving APEC economies. EU data protection authorities and the UK ICO are primary enforcement bodies. GOVERNANCE EXPOSURE: Medium. The policy's reliance on Standard Contractual Clauses as the stated transfer mechanism is a recognized and commonly used approach; however, post-Schrems II requirements mean that transfer impact assessments should be conducted and documented, and the EU-US Data Privacy Framework (where applicable) may provide an alternative or supplementary basis. The policy does not specify which updated SCC modules (2021 versions) are used. JURISDICTION FLAGS: EEA and UK organizations transferring personal data to Datadog bear primary responsibility for ensuring that the SCCs or UK IDTA are correctly executed and that transfer impact assessments are documented. Swiss organizations face additional requirements under the revised Federal Act on Data Protection. APEC member economies each have varying levels of CBPR implementation. CONTRACT AND VENDOR IMPLICATIONS: Enterprise customers with EEA or UK data must confirm that the executed DPA incorporates current SCC modules appropriate to the controller-to-processor transfer scenario, and that Datadog's subprocessor agreements also include appropriate transfer mechanisms. Any changes to Datadog's subprocessor list or data center locations should trigger a review of transfer adequacy. COMPLIANCE CONSIDERATIONS: Legal teams should request confirmation of which SCC module versions are in use and whether Datadog has conducted or made available transfer impact assessments for US transfers. Organizations subject to UK GDPR should confirm that a UK IDTA or addendum is in place in addition to EU SCCs.
Full compliance analysis
Regulatory citations, enforcement risk, and due diligence action items.
Free: track 1 platform + weekly digest. Monitor: 25 platforms + same-day alerts. No credit card required.
Ad personalization controls removed. Contact scanning added. Advertiser data partnerships quietly dropped. A timeline of every change.
Compliance Governance Intelligence
Need to monitor specific governance provisions?
Compliance includes provision-level monitoring, governance timelines, regulatory mapping, and audit-ready analysis.
Built from archived source documents, structured governance mappings, and historical version tracking.
The policy identifies Standard Contractual Clauses as the primary transfer mechanism for EEA personal data, which requires Datadog to conduct transfer impact assessments where required and to maintain compliant SCC documentation; APEC CBPR participation provides a separate framework for Asia-Pacific transfers.
Personal data from EU, EEA, and UK users may be transferred to the United States and other countries; the policy states that Standard Contractual Clauses are used as the legal transfer mechanism for EEA data, though the adequacy of protections in recipient countries depends on jurisdiction-specific assessments.
ConductAtlas has identified this type of provision across 55 platforms. See the full comparison.
No. ConductAtlas is an independent monitoring service. We are not affiliated with, endorsed by, or sponsored by Datadog.