When Zoom moves personal data from the EU, UK, or Switzerland to other countries (including the US), it states it uses Standard Contractual Clauses, a legal mechanism approved by EU regulators, to maintain data protection standards during that transfer.
This analysis describes what Zoom's agreement states, permits, or reserves. It does not constitute a legal determination about enforceability. Regulatory applicability and practical outcomes may vary by jurisdiction, enforcement context, and individual circumstances. Read our methodology
This provision governs how EU, UK, and Swiss users' personal data is legally protected when transferred to Zoom's servers or operations outside those regions. Standard Contractual Clauses are a standard but operationally significant mechanism that requires Zoom to provide contractual data protection commitments.
EU, UK, and Swiss users' personal data is transferred internationally under Standard Contractual Clauses, which are the primary legal mechanism Zoom asserts for these transfers. The practical protection offered depends on Zoom's implementation of these clauses and any supplementary measures in place.
How other platforms handle this
Personal data collected by Unity may be transferred to and processed in countries outside of the European Economic Area, including the United States, where data protection laws may differ from those in your country. Where we transfer personal data from the EEA or the UK, we rely on appropriate safeg...
When we transfer personal data outside the European Economic Area, United Kingdom, or Switzerland, we use appropriate safeguards, including Standard Contractual Clauses approved by the European Commission, to ensure your data is protected.
We may transfer, process, and store all personal information we collect anywhere in the world. Different countries have different data protection laws. If we transfer personal information from the European Economic Area, Switzerland, Brazil and/or the United Kingdom to a country that does not provid...
Monitoring
Zoom has changed this document before.
Receive same-day alerts, structured change summaries, and monitoring for up to 10 platforms.
"When we transfer personal data outside of the European Economic Area, the United Kingdom, or Switzerland, we rely on appropriate transfer mechanisms, including Standard Contractual Clauses approved by the European Commission, to ensure that your personal data is protected.— Excerpt from Zoom's Zoom Privacy Statement
REGULATORY LANDSCAPE: This provision directly engages GDPR Chapter V requirements for international data transfers, including the European Commission's adequacy decisions and Standard Contractual Clauses. Following Schrems II, transfer impact assessments (TIAs) are required alongside SCCs. The UK Information Commissioner's Office (ICO) has its own international transfer framework (IDTA) that may apply for UK-specific transfers. Swiss Federal Act on Data Protection also applies. GOVERNANCE EXPOSURE: Medium. Reliance on SCCs is a standard industry mechanism, but the operational validity of SCCs depends on current transfer impact assessments and supplementary measures. Organizations that process EU/UK personal data through Zoom should verify that Zoom's DPA and SCC documentation is current and accessible. JURISDICTION FLAGS: EU and UK organizations have primary exposure. Post-Schrems II requirements mean that SCCs alone may be insufficient without documented TIAs. Switzerland has its own transfer requirements under the revised FADP. CONTRACT AND VENDOR IMPLICATIONS: Enterprise customers subject to GDPR should request Zoom's current Data Processing Agreement and SCC documentation. Procurement teams should verify that the SCC version referenced is the 2021 European Commission standard form, as older versions are no longer valid. COMPLIANCE CONSIDERATIONS: Organizations should maintain records of their reliance on Zoom's SCCs as part of their Article 30 records of processing activities. Transfer impact assessments should be documented and reviewed periodically, particularly given ongoing regulatory scrutiny of US-based cloud providers.
Full compliance analysis
Regulatory citations, enforcement risk, and due diligence action items.
Free: track 1 platform + weekly digest. Watcher: 10 platforms + same-day alerts. No credit card required.
ConductAtlas detected a major restructuring of Meta’s privacy policy that removed detailed consumer rights disclosures and relocated them to separate documents.
Your genetic data may be transferred to a new owner as a business asset. Here is what the Terms of Service actually say and what you can do right now.
Professional Governance Intelligence
Need to monitor specific governance provisions?
Professional includes provision-level monitoring, governance timelines, regulatory mapping, and audit-ready analysis.
Built from archived source documents, structured governance mappings, and historical version tracking.
This provision governs how EU, UK, and Swiss users' personal data is legally protected when transferred to Zoom's servers or operations outside those regions. Standard Contractual Clauses are a standard but operationally significant mechanism that requires Zoom to provide contractual data protection commitments.
EU, UK, and Swiss users' personal data is transferred internationally under Standard Contractual Clauses, which are the primary legal mechanism Zoom asserts for these transfers. The practical protection offered depends on Zoom's implementation of these clauses and any supplementary measures in place.
ConductAtlas has identified this type of provision across 4 platforms. See the full comparison.
No. ConductAtlas is an independent monitoring service. We are not affiliated with, endorsed by, or sponsored by Zoom.