The Privacy Shield invalidation: Mixpanel's Global Head of Privacy & Security answers your most pressing questions

  • 22 July 2020

Subscribe to this post by hitting the star symbol below, to see answers to the questions Peter Day wasn’t able to get to during our EU and North America sessions today.

 

Have more questions? Drop them in the comments below, and Peter will respond :point_down:

 


2 replies

Hey @Sam Graham! Thanks for setting this all up. I am looking forward to answering the questions we didn’t get a chance to address during this week’s webinars on the Privacy Shield and cross-border data transfers.

A few folks wrote in with questions about what steps they could take now to ensure their US-based service providers offer protections equivalent to those offered under EU law. While it is still early days, I have a couple of recommendations:

  • Proactively start a dialogue with your Customers. If you relied on Privacy Shield for data transfers, now is a great time to proactively reach out and begin chatting with your customers about next steps. While you may not immediately solve all your data transfer problems, it sends a strong signal that you are focused on data protection.
  • Consider Standard Contractual Clauses. With Privacy Shield dead and binding corporate rules difficult to get, so-called “Standard Contractual Clauses” or “SCCs” remain one of the few viable data transfer mechanisms for most companies.
  • Review the security of your data flows. One way to help reduce risks to personal data is to ensure that it is encrypted in transit and that any interconnections between systems are secure. The death of Privacy Shield is a great opportunity to examine the security of your data flows, and make sure strong encryption is in place.
  • Explore data residency options. One way to short-circuit uncertainty around Privacy Shield’s death is to limit or reduce your data transfers. This is something you should explore with your vendor base--do any of them offer data residency options?
  • Follow Regulator Press Releases Closely. One final proactive step is following EU data protection authorities closely. I am focusing a lot of attention on the EU-wide European Data Protection Board (or EDPB) but you should also follow the data protection authorities in the countries where your business is active for updates.

As I said at the outset, things are changing rapidly, so stay tuned for other updates. 
