On July 16, 2020, the Court of Justice of the European Union issued a ruling that invalidated the US-EU Privacy Shield framework that has been widely used by US companies as a legal framework for managing data from the EU. This ruling has necessitated many businesses to reexamine the legal mechanisms governing the management of their data. We’ve addressed what this ruling means broadly for Twilio and SendGrid customers in a blog post we published shortly after the ruling was announced, but it’s worth calling out what this ruling means to SendGrid users specifically.

It’s important to note that the same ruling that found Privacy Shield to be invalid upheld Standard Contractual Clauses (SCCs) as a valid data transfer mechanism. As a SendGrid customer, your account is already covered by the Twilio Data Protection Addendum, which incorporates the Standard Contractual Clauses in section 14.4. So, by agreeing to our Terms and Conditions you’ve already agreed to the Data Protection Addendum and therefore the Standard Contractual Clauses. If you’re working with a legal team that requires a signed document, please contact privacy@twilio.com with your request.

At Twilio, we take our responsibility to safeguard the personal data of our customers seriously, regardless of where that personal data originates or the location of the facilities where we process it. Please see our support article about additional measures we take to ensure we protect customer personal data.

As always, we will continue to watch closely for further guidance from EU data protection authorities in light of this decision regarding how to best provide service to customers impacted by it.



Sheila Jambekar
Sheila is Deputy General Counsel and Twilio’s DPO. She’s passionate about privacy and data protection.