Reading Time: 6 minutes
In the age of hyper-personalisation, data is considered the new oil that runs the engine of intelligent customer engagement in an increasingly customer-obsessed world.
Regulatory bodies and brands around the world have wrestled with the need to find a balance between how data should be allowed to be used vs protecting individual rights to privacy and how to regulate that information flow.
Following a complaint, mostly targeting Facebook, on July 16th, 2020, the Court of Justice of the European Union effectively invalidated the EU-US Privacy Shield due to concerns around the US courts having a different view of what can be seen as legitimate access, especially by law enforcement and government bodies.
I’m happy to share that MoEngage is 100% compliant with the new ruling. MoEngage has EU-based data centers and any information related to EU customers does not leave the EU jurisdiction.
However, as a consumer brand marketer, you might have questions about the invalidation. That’s why, I’ve included information about the Privacy Shield, how it was used by technology companies, the impact of the invalidation on consumer apps, and my thoughts on why privacy regulations are important in the below sections – take a look.
The EU-US Privacy Shield is an umbrella policy that requires companies to comply with the GDPR guidelines while transferring personal data to the US. (NB there has always been an additional set of protections under “ Standard Contractual Clauses” which are more specific in nature and applied individually in contracts between companies with EU data citizens but US-based data centers), this practice has not been invalidated due to the individual nature of the clauses, the practice is wholly validated without additional checks either.
Over 5000 companies have legally transferred data on EU Data Subjects from the EU to the US under the privacy shield for the legitimate purpose of providing their services. Now that several findings have shown that the shield could not provide the same level of protection that was provided to EU residents under the GDPR, the policy has been struck down. The US is now considered a third party country with no special arrangements to process the data of the EU users. This essentially means that organisations that transferred data from the EU to the US will have to use robust SCC clauses unless and until a new umbrella policy is agreed.
Consumer apps largely depend upon customer data to not just send targeted ads but also to enhance the customer’s experience. With the new ruling invalidating the privacy shield, consumer apps will come under tighter scrutiny, and brands that use them will have to take additional steps to disperse their responsibilities to their customers. According to Dan Frank, principal of Deloitte Advisory Cyber Risk Services, data transfer could be stopped and hefty monetary fines can be slapped against a company if they are found to be ignoring the invalidation of the privacy shield. The scrapping of this framework may have a huge impact on consumer app providers, especially the small, medium-sized ones who until now paid less attention to SCCs. They will be compelled to update their privacy processes to continue receiving EU data. This does not mean that they cannot work with non-EU companies or vendors. It just means that the new development is going to pose fresh and variable challenges for app providers in receiving data. They may have to create thousands of Standard Contractual Clause contracts to continue receiving data, which could be time-consuming and costly.
Now that the EU-US Privacy Shield has been invalidated, app providers can use the following alternatives to continue offering an enhanced experience to its users.
MoEngage offers mobile app providers and websites deep insights into how end-users interact with their apps; we have ALWAYS ensured that our platform is compliant with GDPR, CCPA, and EU-US Privacy Shield. Our full privacy policy is accessed here. We are committed to helping brands provide a personalised experience to their customers without compromising personal data. For this reason, MoEngage has EU-based data centers, that are ring-fenced. All information related to EU customers does not leave the EU jurisdiction and therefore remains 100% complaint. App providers who have partnered with MoEngage do not need SCCs and need not worry about the new invalidation of the EU-US Privacy Shield. They can be assured that their data is not getting transferred to the US.
We cannot stress enough on the role of data in personalising the experience for customers across online and offline channels. Marketing and user experience could not have reached this level of sophistication without data. However, we cannot ignore the fact that customers have to be able to trust that their data is safe when they share it with companies. Hence it is imperative that companies adhere to the compliance laws and incorporate them as a part of their best practices and corporate culture. Customer trust is paramount for a company’s success; it’s crucial not to lose it.
Leading the growth of MoEngage in Europe, Mike comes with over 20 years of experience in mobile marketing, marketing technology, personalization, strategic accounts, and business development.
Be the first to access actionable reports, guides, tips, videos, podcasts from experts in Customer Engagement, retention and more!
Here are actionable resources we've curated for you!
The Current State of Personalization in North America: Trends and Insights
Mythbusters: Digital Health Data Protection on Engagement Platforms
Personalization and Privacy: 6 Learnings From WhatsApp’s Privacy Policy Update
GDPR Considerations for Holiday Email Marketing Campaigns
Product Announcement: Introducing Single Sign-On (SSO) on MoEngage
What Is the California Consumer Privacy Act (CCPA) and How Organizations Should Prepare for This Regulation