Is there a Data Processing Agreement/Addendum on its way?

stadsarkiv · May 16, 2018, 11:17am

Hi. To comply with the upcoming GDPR, we are required to sign or at least confirm Data Processing Agreements/Addendums with all the services that we use (Auth0, Amazon…). Is Auth0 working on formulating a DPA or is it not deemed necessary? Thanks you!

Kind regards,

Claus

jerdog · May 22, 2018, 12:26am

We will have an updated policy this week.

khiem · May 23, 2018, 8:29pm

It says in this doc that the DPA is only available for Enterprise customers. Is that the current position that Auth0 is taking? The last time I checked the Enterprise Tier was starting at 18K annually, which is currently outside of our budget. Is there a more cost-friendly solution that is being considered for non-enterprise customers?

jerdog · May 23, 2018, 8:35pm

The full statement is:

Auth0 is responsible for:

Following the data processor’s instructions as explicated in the Subscription Agreement (SA) and Data Processing Addendum (DPA) (for enterprise customers) or Terms of Service (for self-service customers)

depending on if you’re a enterprise customer or self-service customer is where you’ll find the updated terms.

khiem · May 23, 2018, 8:52pm

Thanks for clarifying.

JonasM · October 8, 2018, 11:08am

@ jeremy.meiss thanks for clarifying but could you pls. explain why Auth0 makes a difference? I mean from a legal and business perspective.

For enterprise customers → DPA (Y)

For self-service customers → DPA (N)

Reason I ask:
We are a self-service customer at Auth0 and would like to sign a DPA with Auth0. From your sales team we get the information, that isn’t possible. But with all other companies (Atlassian, Microsoft etc.) we do have a DPA. Where / what is the difference?

Thanks

ORBAT · October 17, 2018, 3:16pm

I also found the policy a bit unclear. I’m also in the position where my company would (apparently?) need a signed DPA with Auth0, but can’t afford the enterprise package

jerdog · October 17, 2018, 4:04pm

@ORBAT and @JonasM - the clarification I received from our team is that standalone DPAs are only for enterprise customers. For all self service customers, applicable data protection terms are built into the agreement. For review, this is specifically addressed in Section 7 of the Terms of Service (Identity Platform Terms of Service - Auth0), and in particular Section 7.11 and Exhibit A. These provisions fulfill the requirements of Article 28.3 of the GDPR, which is the requirement for a legally binding contract between a controller (the customer) and a processor (Auth0).

JonasM · October 24, 2018, 2:42pm

Thanks @jerdog

system · August 27, 2019, 1:38pm

This topic was automatically closed 15 days after the last reply. New replies are no longer allowed.

Topic		Replies	Views
Data Processing Addendum Get Help gdpr , security-compliance	2	1699	July 20, 2023
GDPR FAQ for Auth0 Customers Knowledge Articles gdpr	1	6804	June 2, 2018
Copy of Data Processing Addendum (DPA) Knowledge Articles dpa	1	2974	November 3, 2022
Has there been a change to the free plan offerings? Get Help	14	3730	June 28, 2019
Auth0 by Okta Community Ask Me Anything with Self-Service Subscriptions and Billing Community AMA Series community , ama	14	2611	November 17, 2023

Is there a Data Processing Agreement/Addendum on its way?

Related topics