EDIT: Sophos Connect telemetry collection DOES NOT break EU GDPR Laws

Question

Please be aware that telemetry data collection user have to agree during installation MUST be optional. Also sending this data to not EU servers is not lawful anymore https://curia.europa.eu/jcms/upload/docs/application/pdf/2020-07/cp200091de.pdf

Changed subject to reflect corrected information
[locked by: AlanT at 8:13 PM (GMT -7) on 22 Sep 2020]

AlanT · Accepted Answer

Hi Tom, 
 This is an important topic, and you're entitled to your concerns, but this is a public forum, and opinion can be perceived as fact, all to easily. For that resason, I want to leave this thread with no doubt for others. In this case, the facts are very clear. 
 The Privacy Shield verdict does not apply to Sophos. Privacy Shield is a framework for data sharing with the EU and a number of countries, and that framework was invalidated in a recent ruling. However, GDPR allows for PII data to be shared outside of the EU, so long as proper safeguards are taken. This verdict is not a ruling against transmitting data to the US, only that the Privacy Shield framework does not meet the clearly defined GDPR standards, and cannot be used as a method to comply with GDPR. Sophos has made every effort to comply with GDPR standards, and is not reliant on Privacy Shield&rsquo;s framework. 
 But even if you are still in doubt, GDPR applies only to PII data. Sophos Connect telemetry does not contain PII data, and is not subject to GDPR. Sophos is able to legally transmit PII out of the EU by ensuring that GDPR regulations are followed, but with Sophos Connect telemetry, no PII is involved. 
 If you still have concerns, please contact me over PM, or you can raise your concerns directly with our compliance team, at dataprotection@sophos.com .

EDIT: Sophos Connect telemetry collection DOES NOT break EU GDPR Laws

Top Replies