Cross-border data flows and Privacy Shield
On July 16, 2020, the Court of Justice of the European Union issued a ruling that declared Privacy Shield invalid. Privacy Shield was a program administered by the US Department of Commerce that enabled mParticle and other Privacy Shield participants to transfer EU personal data into the US. We appreciate that mParticle customers who process EU data may have important questions about the impact of this ruling.
On July 16, 2020, the Court of Justice of the European Union issued a ruling that declared Privacy Shield invalid. Privacy Shield was a program administered by the US Department of Commerce that enabled mParticle and other Privacy Shield participants to transfer EU personal data into the US. This is important, because many software companies, including mParticle, may operate some or all of their core infrastructure in data centers hosted within the geographical boundaries of the US. Privacy Shield was one of a few mechanisms available to businesses with EU data to ensure the transfer of data to the US for processing and storage in a privacy-compliant manner. We appreciate that mParticle customers who process EU data may have important questions about the impact of this ruling.
At mParticle, we recognize privacy as a fundamental human right. Since our inception, we have had a strong and continuous commitment towards evolving data protection and supporting privacy legislation and have invested heavily in product features and capabilities that enable our customers to do the same. We believe that this is inherent to the nature of a customer data platform - and it is also deeply rooted in our core values as a company.
Prior to the Court of Justice of the European Union‘s ruling, we have offered our customers the option of using either Standard Contractual Clauses (SCCs) and/or Privacy Shield frameworks for EU data transfers. Although the July 16th ruling invalidated Privacy Shield, SCCs remain valid. The SCCs are an alternative cross-border data transfer mechanism that we already have in place with some customers.
For our customers whose EU data transfers were already covered by SCCs, nothing needs to be done. For those that were previously covered by Privacy Shield, adopting the EU standard contractual clauses (SCCs) is a prudent path forward.
If you are an mParticle customer looking to incorporate SCCs, your mParticle Customer Success Manager will be in contact with you very shortly to begin the process of incorporating the Standard Contractual Clauses into our current agreement(s) with you. We recognize the possibility that authorities within the EEA may impose additional rules and restrictions with regard to cross-border data transfers, so our privacy team will continue to closely monitor any changes as well as the evolving discussions following the ruling in light of requirements with respect to Standard Contractual Clauses, adequate safeguards, and potentially codes of conduct and/or certifications.
mParticle thanks you for your business, and your trust! If you have any questions regarding this ruling and mParticle’s commitment towards evolving data protection and supporting privacy legislation, please get in touch via email.
Additional background information:
Latest from mParticle
How Giant Eagle launched a multi-tier loyalty program with cross-channel personalization
Learn how the Giant Eagle Customer Experience team built a robust data pipeline and used it to power personalization throughout their new multi-tier loyalty program, myPerks.
Data enrichment and machine learning: Maximizing the value of your data insights
Data enrichment and machine learning are two techniques that can enhance the ability of your customer data to drive personalized experiences. While there is some overlap in the end goal of both approaches to enhancing data value, there are significant differences in the time, resources, and overhead they each require.
How to manage data across your tech stack based on customer consent
Great customer experiences are built on trust. Learn more about the tooling that can help you collect customer consent and manage how data flows between systems based on customer consent.