This provision incorporates the European Commission's Standard Contractual Clauses as the legal mechanism for transferring EU/EEA/UK personal data to Perplexity's US-based infrastructure, in the absence of an adequacy decision covering that transfer.
This analysis describes what Perplexity AI's agreement states, permits, or reserves. It does not constitute a legal determination about enforceability. Regulatory applicability and practical outcomes may vary by jurisdiction, enforcement context, and individual circumstances. Read our methodology
The SCCs provide the contractual transfer mechanism required under GDPR Chapter V, but following the CJEU's Schrems II decision, customers must also conduct Transfer Impact Assessments to verify that supplementary measures are in place where US law may impair the SCCs' protections.
Interpretive note: The specific SCC module designation and whether Perplexity participates in the EU-US Data Privacy Framework as a supplementary or alternative transfer mechanism were not fully recoverable from the rendered HTML.
Under this clause, personal data from EU/EEA users processed through the Perplexity platform may be transferred to the United States under the incorporated SCCs; customers acting as controllers remain responsible for conducting transfer impact assessments to validate those transfers under applicable GDPR guidance.
How other platforms handle this
At Ledger, earning and maintaining our users' trust is a top priority. That's why we are deeply committed not only to protecting your privacy and securing your personal data, but also to being fully transparent about how we handle it.
Your personal information may be transferred to, and maintained on, computers located outside of your state, province, country, or other governmental jurisdiction where the privacy laws may not be as protective as those in your jurisdiction.
Your personal information may be transferred to, stored, and processed in the United States or other countries outside of your country of residence, which may have data protection laws that are different from those in your country.
Monitoring
Perplexity AI has changed this document before.
Receive same-day alerts, structured change summaries, and monitoring for up to 25 platforms.
"To the extent that Perplexity transfers Personal Data from the European Economic Area, the United Kingdom, or Switzerland to a country that has not received an adequacy decision, the parties agree that the Standard Contractual Clauses adopted by the European Commission shall apply and are incorporated by reference into this DPA.— Excerpt from Perplexity AI's Perplexity Data Processing Addendum
REGULATORY LANDSCAPE: This provision engages GDPR Article 46(2)(c) (Standard Contractual Clauses) and the CJEU's Schrems II ruling (Case C-311/18), which requires supplementary measures analysis for transfers to countries where national law may undermine SCC protections, including the US. The relevant enforcement authorities are EU supervisory authorities and the UK ICO (for UK GDPR). The European Data Protection Board's Recommendations 01/2020 on supplementary measures are directly applicable. GOVERNANCE EXPOSURE: High. Reliance on SCCs alone without documented Transfer Impact Assessments is a known area of regulatory focus across EU member state DPAs. Customers using the Perplexity platform for processing EU personal data must document their TIA findings and identify any supplementary measures (encryption, pseudonymization, contractual controls) that support the transfer. JURISDICTION FLAGS: EU/EEA and UK jurisdictions create primary exposure. Swiss data protection law (revised Federal Act on Data Protection, in force September 2023) requires equivalent transfer mechanisms. Organizations in Germany, France, and the Netherlands have faced enforcement scrutiny on SCC-based US transfers. CONTRACT AND VENDOR IMPLICATIONS: Procurement teams should confirm which SCC module applies (Module 2: controller-to-processor, or Module 3: processor-to-processor) depending on the customer's own role in the data chain. The DPA should specify the applicable module, the competent supervisory authority, and the governing law for SCC disputes. COMPLIANCE CONSIDERATIONS: Legal teams should prepare and document TIAs for Perplexity-related EU data transfers, assess whether Perplexity participates in the EU-US Data Privacy Framework (which would provide an alternative adequacy-based transfer mechanism), and confirm that the incorporated SCC version is the current 2021 European Commission version rather than the superseded 2010 clauses.
Full compliance analysis
Regulatory citations, enforcement risk, and due diligence action items.
Free: track 1 platform + weekly digest. Monitor: 25 platforms + same-day alerts. No credit card required.
Compliance Governance Intelligence
Need to monitor specific governance provisions?
Compliance includes provision-level monitoring, governance timelines, regulatory mapping, and audit-ready analysis.
Built from archived source documents, structured governance mappings, and historical version tracking.
The SCCs provide the contractual transfer mechanism required under GDPR Chapter V, but following the CJEU's Schrems II decision, customers must also conduct Transfer Impact Assessments to verify that supplementary measures are in place where US law may impair the SCCs' protections.
Under this clause, personal data from EU/EEA users processed through the Perplexity platform may be transferred to the United States under the incorporated SCCs; customers acting as controllers remain responsible for conducting transfer impact assessments to validate those transfers under applicable GDPR guidance.
No. ConductAtlas is an independent monitoring service. We are not affiliated with, endorsed by, or sponsored by Perplexity AI.