Written by Femke van Zelst
Are you looking for a new email marketing and marketing automation platform? Or are you currently working with an American platform? Then pay attention! As an expert in marketing and technology with 20 years of experience, we keep a close eye on all trends, developments and regulations and we thought this was very important news to share with you. What’s going on? Well, the Privacy Shield was declared invalid on July 17, 2020. This means that companies in the European Union are no longer allowed to transfer personal data to the United States on the basis of the Privacy Shield. According to the European Court, the Privacy Shield cannot guarantee the same protection as GDPR. The Privacy Shield was one of the ways, in accordance with GDPR, to exchange personal data with companies located outside the European Union. However, this does not mean that no more personal data may be shared with countries such as the United States. Another way, to stay in accordance with GDPR, is to use Standard Contractual Clauses, or SCCs. The ruling of the European Court has no consequences (yet) for the SCCs.
The Privacy Shield does not offer the same protection as the GDPR in force in Europe, i.e. GDPR. American security services can access European personal data. As a European company, you will, therefore, be in violation of the law as of July 17, 2020, if you cooperate under a Privacy Shield with AMERICAN companies that process personal data. The Standard Contractual Clauses (SCC’s), i.e. model contracts, are still valid for the time being, but: you cannot blindly assume that these agreements ensure that the processing of personal data in the US is secure. If you share data based on a model contract, you need to check the legal system of the country in question to find out if it is really safe enough.
This ruling is going to have a significant impact on companies that share data outside the European Union. Many companies use big American marketing tools. The most important thing is to map the impact on your organisation and ensure that you can continue to comply with GDPR.
If you use an email marketing platform that stores and process data in the US, you no longer meet GDPR guidelines. Email marketing platforms like Mailchimp, Braze and Klaviyo have a big problem. Creating model contracts for all their EU customers is a considerable challenge. Also, technology lawyers and data protection experts believe that model contracts only temporarily provide you with the information and, as mentioned earlier, have a duty to do so.
Do you use a marketing platform that stores and processes data in the US? Then it is imperative to check the SCC properly. Of course, you can also choose to go for a Dutch marketing platform like Clang, so you can be sure you’re compliant with the GDPR. Clang is 100% AVG-proof and offers endless possibilities to make your marketing is a great success.
Want to know more about data sharing outside Europe? Check out this Q&A from DDMA.