Privacy Shield update

At dotdigital, we take our responsibilities around data protection very seriously and wanted to make sure that we address any immediate questions that our customers may have.

Last week, on Thursday 16 July, the European Court of Justice set out a judgement that has important implications for international data transfers. The main takeaway from the judgement was that the EU – U.S. Privacy Shield was held to be invalid.

Background

The EU – U.S. Privacy Shield was a mechanism where U.S.-based organizations could self-certify to comply with EU data protection requirements when transferring personal data from the European Union to the United States.

The decision in the Schrems II case last week focussed on whether U.S. laws ensured the adequate protection of data, looking at two widely relied-upon mechanisms of transferring data to the U.S. – the Privacy Shield framework and Standard Contractual Clauses (SCCs).

In summary, the court declared that the EU – U.S. Privacy Shield was insufficient to ensure the protection of EU personal data. Importantly, the court confirmed that the SCCs remained a valid mechanism for the transfer of data from the EU to the U.S.

What this means

The biggest impact is on companies that until now have relied on the EU–U.S. Privacy Shield for data transfers from the European Union to the United States, as it is no longer a valid mechanism.

Any organization relying on this mechanism alone should implement alternative safeguards.

Your data and dotdigital

dotdigital has maintained U.S. Privacy Shield certification and we do have a number of relationships with organizations in the United States. More details about these sub-processors can be found on our Trust Center pages.

However, the Privacy Shield has been under scrutiny for some time and we have never relied on the Privacy Shield alone.

dotdigital has entered into contracts with the organizations listed on our Trust Center to ensure the safeguarding of personal data, including Data Processing Agreements that reflect the obligations under the GDPR and pass down the measures of the EU Model Contract Clauses, so that all customer data is protected.

We will of course continue to monitor developments relating to transfers of personal data to make sure that all customer data is safeguarded.


If you have any questions relating to the above, please email privacy@dotdigital.com

This article should not be interpreted as legal advice and the contents are intended for informational purposes only.
