The EU-US Privacy Shield and email validation

GDPR Ready circle of European Stars on a blue background

What is the EU-U.S. Privacy Shield? 

This is a Privacy Shield explanation for readers who don't want to get bogged down in legal jargon.

You'll find links to more technical and detailed explanations at the foot of this article. If that is your thing, please scroll down and tuck in. If not, read on.

The EU-U.S. Privacy Shield is the framework that enables firms to transfer personal data legally from the European Union to the United States. Firms in the USA that move personal data from Europe into the USA are invited to voluntarily participate and join the Privacy Shield Program.

It came into existence in July, 2016, replacing the 'Safe Harbour' framework that had been doing the job previously.

There is a separate Swiss-U.S. Privacy Shield Framework that covers transferring data from Switzerland to the USA. That came into existence in January 2017.

Why does the EU-U.S. Privacy Shield exist?

Basically, to help the digital economy grow, to improve trade and to increase security.

Back in 2012, The European Commission raised concerns about the security of personal data of European Union citizens being transferred to the USA. The European press reported on areas of disagreement between legislative attitudes to protecting personal data. The prevailing attitude was and still is, that in Europe, data privacy laws are more stringent than in the US.

The European Court of Justice rejected the existing 'Safe Harbour' framework. Stories about social-media data storage and transfer, preceded news of subsequent US eavesdropping activities. This did little to help create a feeling of 'common ground.' In fact Facebook ended up in court in Ireland, so it's fair to see the governments weren't seeing eye to eye on this one.

Does the EU-U.S. Privacy Shield affect Email Hippo then?

Nope. Email Hippo is a UK company so we don't need to participate in the Privacy Shield.

But we thought you might want to know more about how we deal with personal data that is uploaded to our servers for validating.  Especially as most of our customers are companies in the USA, so they might be familiar with Privacy Shield participation and think of it as a sign of reassurance in a data partner.

We have servers in the cloud in Europe, stacking, moving and returning results to our customers. We deliver fast results by using intelligent caching and data routing. 

Is an email address personal data?

A paragraph defining personal data

Personal data is essentially information that is designed to be processed and can identify a living individual.

So can an email address on its own identify a living individual? Yes? No?

Obviously role based email addresses can't identify a living individual, [email protected] gives no personal information. But what about [email protected]? That's personal.

So that's why we take personal data privacy very seriously. Every email uploaded to our service could be personal data. From time to time customers send us extraordinary amounts of personal data that is far and above simple email addresses. In the interests of security, compliance and frankly, just good manners, we have created a framework of extremely secure best practise that we adhere to.

That framework begins with a combination of Microsoft Azure and Amazon Web Service (AWS) security. In addition our discrete EU data center is protected by security that is at least at Azure and AWS enterprise level.

It ends with our ISO 27001 certification. Our information and security management systems are certified to this internationally recognised compliance level.

So we deal with data, safe in the knowledge that we are operating within a secure framework, compliant with the most stringent data law levels on the planet.

You can trust us with your data.

If personal data security is important to you and you'd like more information, please contact our data Protection Officer [email protected] 

You can read about Amazon Web Service security here

Learn about Microsoft Azure enterprise security standards

The EU-U.S. Privacy Shield is described in detail on this US Government site.

Whilst this site outlines the legal and social processes leading up to the failure of the Safe Harbour framework and subsequent development of the Privacy Shield.

If you need to participate in the Privacy Shield you can register here.

For more information about Email Hippo privacy and ISO 27001 read here

What To Read Next