We’re pleased to share that Centralive is now an active participant in the EU-U.S. Data Privacy Framework (DPF), the UK Extension to the EU-U.S. DPF, and the Swiss-U.S. DPF, as certified by the U.S. Department of Commerce.
For research teams in Europe, the UK, and Switzerland, this removes a common point of friction: a clear, recognized legal basis for transferring participant and study data to Centralive in the United States.
What the Data Privacy Framework is
The Data Privacy Framework is a program operated by the U.S. Department of Commerce that lets U.S. companies receive personal data from the European Union, the United Kingdom and Gibraltar, and Switzerland in a way these jurisdictions recognize as providing adequate protection. It replaced the earlier Privacy Shield program and is backed by adequacy decisions from the European Commission and equivalent recognition from the UK and Switzerland.
To participate, a company commits to a set of privacy principles covering notice, choice, accountability for onward transfers, security, data integrity, access, and independent recourse. Participation is verified by the Department of Commerce and enforced by the U.S. Federal Trade Commission.
Why it matters for research teams
Clinical and behavioral research is increasingly cross-border. A study designed in Munich or Manchester may collect data from participants whose information needs to flow to a platform hosted in the United States. Under GDPR and UK GDPR, that transfer needs a valid legal mechanism.
With Centralive’s DPF participation, that mechanism is in place. For your team this means:
- A recognized basis for transferring data from the EU, UK, Gibraltar, and Switzerland to Centralive, without having to negotiate standard contractual clauses from scratch
- Privacy protections aligned with the DPF Principles applied to the data you entrust to us
- Independent recourse for individuals through JAMS, at no cost to them
- One fewer open question in your ethics review and procurement workflows
How this fits our broader compliance program
DPF participation builds on the foundations already in place at Centralive. We operate in alignment with HIPAA, encrypt data in transit and at rest, enforce least-privilege access with multi-factor authentication, and maintain continuous monitoring and a documented incident response program. An independent SOC 2 Type 2 examination of our controls is currently underway.
We see privacy and security not as boxes to check but as part of what makes a research platform trustworthy enough to build real science on.
Learn more
You can view our active listing on the official Data Privacy Framework List at dataprivacyframework.gov, and read our full Privacy Policy and Data Privacy Framework Statement at centralive.health/privacy-policy.
If your team has questions about data protection at Centralive, or needs a copy of our subprocessor list or Data Processing Agreement, reach out to us at privacy@centralive.health.
