Equinix Achieves Binding Corporate Rules Compliance for Safeguarding Personal Data Transfers from Europe

REDWOOD CITY, Calif., Nov. 11, 2019 /PRNewswire/ -- Equinix, Inc. (Nasdaq: EQIX), the global interconnection and data center company, today announced that it has completed the rigorous process of Binding Corporate Rules (BCRs) approval by European Union (EU) regulators. In doing so, it becomes the first company to have its BCRs approved by the European Data Protection Board (EDPB) consisting of all 27 Member States set up under the new GDPR regime.

BCRs are designed to allow multinational companies to transfer personal data from the European Economic Area (EEA) to their affiliates located outside of the EEA, while adhering to the highest standards, as demanded by EU regulators. Achieving BCRs compliance ensures that the personal data flows that Equinix adopts to operate its global enterprise and support its global customer base are GDPR compliant. To achieve this, Equinix demonstrated its robust security parameters for obtaining, processing and storing personal data used in order to provide services to customers on its global platform.

The process to get the BCRs approved with the Information Commissioner's Office in the U.K. (ICO) as the lead data protection authority, was conducted against the backdrop of uncertainty around Brexit and complicating factors as to what a possible no deal exit from the EU may mean for the standing of the ICO and the current BCRs application.

The BCRs certification comes as governments around the world consider and implement data privacy regulations modeled after the GDPR, including locations where Equinix does business, such as in California and Brazil. By ensuring data privacy compliance in any market deployed, Equinix's global footprint enables its customers to conduct business in a way that can gain a competitive business advantage across the world's digital economy. Indeed, 86% of Equinix customers deploy in multiple markets, with 73% of them operating across multiple regions.

In an independent survey commissioned by Equinix of over 2,450 IT decision-makers across the world, the resulting need for a focus on data regulations was highlighted. 69% of IT decision-makers globally listed complying with data protection regulations as a top priority for their business, while 43% of IT decision-makers globally reported changing regulatory requirements around data privacy are a threat to their company.

Highlights / Key Facts

• The European Data Protection Board ensures the consistent application of GDPR throughout the European Economic Area and since GDPR took effect, has a role to play in approving Binding Corporate Rules (BCRs) applications.
• Historically, Equinix has used the EU Model Clauses in its inter-company agreements to facilitate such data transfers from the EU, which will continue to be in place, but the BCRs provide the added "gold standard" in providing adequate safeguards to enable intra-group transfers to meet operational requirements and to facilitate the transborder flow of data as necessary today to run a global enterprise.
• Following approval by the EDPB, the ICO as the lead data protection authority for Equinix's BCRs application, proceeded to formally approve and adopt the BCRs.
• Equinix's BCRs cover personal data transferred from legal entities of Equinix in the EU worldwide, including employee and business contact information, i.e., customer, partner, supplier and vendor information.
• These BCRs are a critical part of the overall Equinix Global Privacy Policy, that ensures data privacy compliance managed by the Equinix Privacy Office, and in a manner that supports Equinix's global corporate strategy.
• The full opinion issued by the EDPB can be viewed here: https://edpb.europa.eu/sites/edpb/files/files/file1/edpb_opinion_201915_equinixbcrs_en.pdf
• The full copy of the approved BCRs is available on the Equinix website at: https://www.equinix.com/company/legal/privacy/global-privacy-policy/

Quotes

• Peter Waters, SVP Legal EMEA and Chief Privacy Officer, Equinix :
  "As a company that helps facilitate the movement of data globally, we felt that seeking the highest standard of compliance around international transfers of personal data was the right approach for both Equinix and our global customer base, and that meant leveraging BCRs. As our BCRs were the first-ever to go through the process post-GDPR, we were put under scrutiny by the data protection regulators across the 27 EU member states. To have secured the approval of our BCRs in this context is a real success story. We believe this is an important milestone for Equinix in our own compliance strategy and for our global customers and partners who look to us to provide the security and trust required around how we operate our global enterprise."
• Russell Poole, Managing Director U.K., Equinix:
  "As the U.K. continues to prepare to leave the European Union, companies that leverage Equinix as a business partner can be confident that their personal data we obtain will continue to be protected to the high standards set by the European Union, regardless of what a final Brexit deal may look like. This will allow the seamless transfer of their personal data to continue unabated across Equinix's global platform."

About Equinix

Equinix, Inc. (Nasdaq: EQIX) connects the world's leading businesses to their customers, employees and partners inside the most-interconnected data centers. On this global platform for digital business, companies come together across more than 50 markets on five continents to reach everywhere, interconnect everyone and integrate everything they need to create their digital futures. www.equinix.com.

Forward-Looking Statements

This press release contains forward-looking statements that involve risks and uncertainties. Actual results may differ materially from expectations discussed in such forward-looking statements. Factors that might cause such differences include, but are not limited to, the challenges of acquiring, operating and constructing IBX data centers and developing, deploying and delivering Equinix products and solutions; unanticipated costs or difficulties relating to the integration of companies we have acquired or will acquire into Equinix; a failure to receive significant revenues from customers in recently built out or acquired data centers; a failure to complete any financing arrangements contemplated from time to time; competition from existing and new competitors; the ability to generate sufficient cash flow or otherwise obtain funds to repay new or outstanding indebtedness; the loss or decline in business from our key customers; risks related to our taxation as a REIT; and other risks described from time to time in Equinix filings with the Securities and Exchange Commission. In particular, see recent Equinix quarterly and annual reports filed with the Securities and Exchange Commission, copies of which are available upon request from Equinix. Equinix does not assume any obligation to update the forward-looking information contained in this press release.