Following the European Court of Justice's (ECJ) decision to throw out the EU-US Privacy Shield, we wanted to dig a little deeper to find out exactly how this might affect our industry professionals.
With a personal interest in transatlantic activity – especially as we pride ourselves on Force24 being a UK-built and managed marketing automation platform that’s also GDPR compliant – it’s important that we keep abreast of developments that could impact you, the marketers, that we work directly with.
To cover this topic in detail, we invited Philip Allott, an EU-certified GDPR practitioner, and founder of Berwins Solicitors, Paul Berwin, to join our managing director, Adam Oldfield, for a timely and engaging webinar all about data protection.
Before we get into the nitty-gritty about what was discussed, it’s important to firstly understand what the EU-US Privacy Shield was and why we’re talking about it. Simply put, this was a framework for regulating transatlantic exchanges of personal data for commercial purposes between the European Union and the United States.
However, on 16th July 2020, the ECJ declared this to be invalid – leaving marketers and their organisations questioning what that meant, especially those who had access to US-based automation platforms and stored data overseas.
During our 19th August webinar, our panel of experts uncovered:
- Whether it was illegal to send customer data to the USA now?
- Why was there a Privacy Shield between the EU and US?
- Can marketing platform vendors send personal data anywhere in the world now?
- What should marketers do to remain GDPR compliant?
Having outlined the historical origins of the EU-US Privacy Shield and why it was in place, some of the key highlights from the discussion included:
Adam: “We work with over 4,000 marketeers and around 40% have either changed – or asked to change – part of the contract based on data. It’s evident there’s a real concern around who has access, and where it goes.”
And following a question asking: “If I’m storing data in Europe on behalf of a business but they have a support function in India and North America, how does that work?”
Philip responded: “The problem you’ve got is the US side could still be mandated by the federal government to access data. There are limitations as to what can be done.
“I’ve been advising a platform that provides certain services in North America and I’m saying to them to do the audit and ensure they’re meeting ‘adequacy’.
“But there’s no legal framework that they have to agree to, other than they’ve signed the Privacy Shield and we can offer anybody who complains Standard Contractual Clauses. Beyond that, that’s all that can be done.”
In answer to another question asking how Brexit would affect the framework being struck down, Philip said that it “won’t make a scrap of difference” and that the GDPR commitment remains the same.
As the high-level discussion continued, a question came in asking, “is storing data in North America going to be problematic?”, Paul replied: “Effectively, it’s been illegal since 16th July, so people need to be taking action on that.
“Whether that means moving services to UK or EU providers or, for providers in the States, they might have to look at having a complete infrastructure in the EU. One of those things will have to happen.”
Bringing the one-hour debate to a close, we’d like to take this opportunity to thank Philip Allott and Paul Berwin for their vital knowledge covering a subject that our marketing industry must be aware of when it comes to storing and protecting data.
If you missed the session, or want to revisit any of the vital questions that were asked – and understand a little more about the vast implications of the Privacy Shield abolition – make sure you access the webinar via our link HERE.
We’ve spoken before about the significant advantages of being UK based and therefore providing peace of mind when understanding where data will be stored. If you’re looking to switch providers or have any additional support needs for marketing automation, email/SMS marketing or GDPR-compliant data capture queries, why not start by booking a free demo?