When Zoom moves personal data from the EU, UK, or Switzerland to other countries (including the US), it states it uses Standard Contractual Clauses, a legal mechanism approved by EU regulators, to maintain data protection standards during that transfer.
This analysis describes what Zoom's agreement states, permits, or reserves. It does not constitute a legal determination about enforceability. Regulatory applicability and practical outcomes may vary by jurisdiction, enforcement context, and individual circumstances. Read our methodology
This provision governs how EU, UK, and Swiss users' personal data is legally protected when transferred to Zoom's servers or operations outside those regions. Standard Contractual Clauses are a standard but operationally significant mechanism that requires Zoom to provide contractual data protection commitments.
Removal of explicit mention of Standard Contractual Clauses and specific safeguards for international data transfers reduces transparency about GDPR/UK-GDPR compliance mechanisms for cross-border data flows.
View full change record →EU, UK, and Swiss users' personal data is transferred internationally under Standard Contractual Clauses, which are the primary legal mechanism Zoom asserts for these transfers. The practical protection offered depends on Zoom's implementation of these clauses and any supplementary measures in place.
How other platforms handle this
At Ledger, earning and maintaining our users' trust is a top priority. That's why we are deeply committed not only to protecting your privacy and securing your personal data, but also to being fully transparent about how we handle it.
Your personal information may be transferred to, and maintained on, computers located outside of your state, province, country, or other governmental jurisdiction where the privacy laws may not be as protective as those in your jurisdiction.
Your personal information may be transferred to, stored, and processed in the United States or other countries outside of your country of residence, which may have data protection laws that are different from those in your country.
Monitoring
Zoom has changed this document before.
Receive same-day alerts, structured change summaries, and monitoring for up to 25 platforms.
"When we transfer personal data outside of the European Economic Area, the United Kingdom, or Switzerland, we rely on appropriate transfer mechanisms, including Standard Contractual Clauses approved by the European Commission, to ensure that your personal data is protected.— Excerpt from Zoom's Zoom Privacy Statement
REGULATORY LANDSCAPE: This provision directly engages GDPR Chapter V requirements for international data transfers, including the European Commission's adequacy decisions and Standard Contractual Clauses. Following Schrems II, transfer impact assessments (TIAs) are required alongside SCCs. The UK Information Commissioner's Office (ICO) has its own international transfer framework (IDTA) that may apply for UK-specific transfers. Swiss Federal Act on Data Protection also applies. GOVERNANCE EXPOSURE: Medium. Reliance on SCCs is a standard industry mechanism, but the operational validity of SCCs depends on current transfer impact assessments and supplementary measures. Organizations that process EU/UK personal data through Zoom should verify that Zoom's DPA and SCC documentation is current and accessible. JURISDICTION FLAGS: EU and UK organizations have primary exposure. Post-Schrems II requirements mean that SCCs alone may be insufficient without documented TIAs. Switzerland has its own transfer requirements under the revised FADP. CONTRACT AND VENDOR IMPLICATIONS: Enterprise customers subject to GDPR should request Zoom's current Data Processing Agreement and SCC documentation. Procurement teams should verify that the SCC version referenced is the 2021 European Commission standard form, as older versions are no longer valid. COMPLIANCE CONSIDERATIONS: Organizations should maintain records of their reliance on Zoom's SCCs as part of their Article 30 records of processing activities. Transfer impact assessments should be documented and reviewed periodically, particularly given ongoing regulatory scrutiny of US-based cloud providers.
Full compliance analysis
Regulatory citations, enforcement risk, and due diligence action items.
Free: track 1 platform + weekly digest. Monitor: 25 platforms + same-day alerts. No credit card required.
Ad personalization controls removed. Contact scanning added. Advertiser data partnerships quietly dropped. A timeline of every change.
Compliance Governance Intelligence
Need to monitor specific governance provisions?
Compliance includes provision-level monitoring, governance timelines, regulatory mapping, and audit-ready analysis.
Built from archived source documents, structured governance mappings, and historical version tracking.
This provision governs how EU, UK, and Swiss users' personal data is legally protected when transferred to Zoom's servers or operations outside those regions. Standard Contractual Clauses are a standard but operationally significant mechanism that requires Zoom to provide contractual data protection commitments.
EU, UK, and Swiss users' personal data is transferred internationally under Standard Contractual Clauses, which are the primary legal mechanism Zoom asserts for these transfers. The practical protection offered depends on Zoom's implementation of these clauses and any supplementary measures in place.
ConductAtlas has identified this type of provision across 5 platforms. See the full comparison.
No. ConductAtlas is an independent monitoring service. We are not affiliated with, endorsed by, or sponsored by Zoom.