At the time of this statement, SurveyMonkey did not receive any directive under FISA 702 and has no reason to believe that such a directive would be applied to SurveyMonkey. The personal data that SurveyMonkey processes for our clients – feedback data – is highly unlikely for foreign intelligence activities governed by FISA-702. In addition, if such personal information is relevant to such an investigation, it is more likely that the government will request data on other forms of judicial proceedings (. B, for example, a search warrant authorized by a judge) that meet the government`s high standards of access to the data described in Schrems II. This is because it would be much quicker and easier for the government to request an arrest order or warrant, including as FISA No. 702, than to create the necessary mechanisms for the government to put in place guidelines on SurveyMonkey in accordance with FISA No. 702. Some SurveyMonkey customers (z.B. Usabilla customers) have only stored their data in the European Union. In these cases, the data is not stored in the United States and access to this data is very limited in the United States for very limited purposes (for example. B to provide on-demand customer support or restricted technical access may be required to solve technical problems/errors or to build systems).
The General Data Protection Regulation (GDPR) is a legal framework that sets guidelines for the collection and processing of personal data of people living in the European Union (EU). SurveyMonkey encrypts all dormant data in our data centers with AES 256-based encryption. In addition, SurveyMonkey encrypts all moving data with (i) RSA with 2048-bit certificates generated by a public certification body to communicate with entities outside the SurveyMonkey data centers and (ii) the RSA 256 certificates generated by the internal certification body for all data center data. These encryption efforts prevent the acquisition of European data in an understandable form when a public authority or other third parties have physical access to the hosting and computer environment or transmission mechanisms (including. B servers, wires and cables). They also prevent law enforcement authorities or U.S. intelligence agencies from tracking or intercepting data transfers between the two arrival points, even though the data is in transmission or memory. SurveyMonkey also recognizes that on the basis of a contract to provide data access in accordance with FISA No. 702, SurveyMonkey should inform our customers that we can no longer comply with standard contractual clauses so that they can announce their contract with us and suspend the data flow.