In the age of hyper-personalisation, data is considered the new oil that runs the engine of intelligent customer engagement in an increasingly customer-obsessed world.
Regulatory bodies and brands around the world have wrestled with the need to balance how data should be allowed to be used against protecting individual rights to privacy, and with how to regulate that information flow.
On July 16th, 2020, following a complaint mostly targeting Facebook, the Court of Justice of the European Union effectively invalidated the EU-US Privacy Shield due to concerns that the US courts have a different view of what can be seen as legitimate access, especially by law enforcement and government bodies.
I’m happy to share that MoEngage is 100% compliant with the new ruling. MoEngage has EU-based data centers and any information related to EU customers does not leave the EU jurisdiction.
However, as a consumer brand marketer, you might have questions about the invalidation. That’s why I’ve included information about the Privacy Shield, how it was used by technology companies, the impact of the invalidation on consumer apps, and my thoughts on why privacy regulations are important in the sections below. Take a look.
The EU-US Privacy Shield is an umbrella policy that requires companies to comply with the GDPR guidelines while transferring personal data to the US. (NB: there has always been an additional set of protections under “Standard Contractual Clauses”, which are more specific in nature and applied individually in contracts between companies with EU data citizens but US-based data centers. This practice has not been invalidated, due to the individual nature of the clauses, but neither is it wholly validated without additional checks.)
Over 5000 companies have legally transferred data on EU Data Subjects from the EU to the US under the Privacy Shield for the legitimate purpose of providing their services. Now that several findings have shown that the shield could not provide the same level of protection that was provided to EU residents under the GDPR, the policy has been struck down. The US is now considered a third-party country with no special arrangements to process the data of EU users. This essentially means that organisations that transferred data from the EU to the US will have to use robust SCC clauses unless and until a new umbrella policy is agreed.
Consumer apps largely depend upon customer data not just to send targeted ads but also to enhance the customer’s experience. With the new ruling invalidating the Privacy Shield, consumer apps will come under tighter scrutiny, and brands that use them will have to take additional steps to discharge their responsibilities to their customers. According to Dan Frank, principal of Deloitte Advisory Cyber Risk Services, data transfers could be stopped and hefty monetary fines imposed on a company if it is found to be ignoring the invalidation of the Privacy Shield. The scrapping of this framework may have a huge impact on consumer app providers, especially the small and medium-sized ones who until now paid less attention to SCCs. They will be compelled to update their privacy processes to continue receiving EU data. This does not mean that they cannot work with non-EU companies or vendors. It just means that the new development is going to pose fresh and variable challenges for app providers in receiving data. They may have to create thousands of Standard Contractual Clause contracts to continue receiving data, which could be time-consuming and costly.
Now that the EU-US Privacy Shield has been invalidated, app providers can use the following alternatives to continue offering an enhanced experience to their users.
We cannot stress enough the role of data in personalising the experience for customers across online and offline channels. Marketing and user experience could not have reached this level of sophistication without data. However, we cannot ignore the fact that customers have to be able to trust that their data is safe when they share it with companies. Hence it is imperative that companies adhere to the compliance laws and incorporate them as a part of their best practices and corporate culture. Customer trust is paramount for a company’s success; it’s crucial not to lose it.