Since the fall, companies that transfer data between the U.S. and the EU have been having some headaches — headaches costing up to £100,000 ($149,000), according to the Direct Marketing Association (DMA).
Oct. 6 saw the landmark ruling between Max Schrems and the Data Protection Commissioner that invalidated the U.S. and EU Safe Harbor agreement, a blanket framework that allowed for the free transfer of data between the U.S. and the EU. Some 35,000 organizations were signed up to Safe Harbor, allowing them to transfer data, ranging from employee payroll information to customer purchasing history, across the Atlantic.
For this interim period before a new Safe Harbor 2.0 can be agreed, companies have had to use workarounds to avoid breaking the law and facing fines.
The DMA anonymously polled its U.K. members, which include Barclays, BT and Sky, marketing agencies and suppliers, and found that introducing alternatives to Safe Harbor is costing 18 percent of companies between £50,000 and £100,000 ($74,000 and $149,000), while nearly two-thirds (63 percent) report that it’s costing less than £10,000 ($15,000).
In the last two months, companies that want to continue transferring data across the Atlantic have had several options: continue transferring data between the two regions and risk compliance penalties (which 43 percent of DMA respondents are doing) or produce legal documents for each data transfer. These documents include contract clauses (30 percent) or binding corporate rules (10 percent) — these require legal teams and data importers and aren’t exactly quick or cheap.
Model contract clauses are the fastest — they can be executed within a day as long as the firm’s lawyers and data teams are all available. Some companies, like Mailchimp, offer clients downloadable standard clause forms to make it as easy as possible to comply with regulation.
But these aren’t even remotely watertight. “Even when using model contract clauses, you still don’t know if the U.S. government is reading your emails,” said Eitan Jankelewitz, who works at media lawyers Sheridans. “We’re just another court case away from finding out that that doesn’t work either. Currently, they are lawful, but we don’t know how long for.”
“Model clauses are plainly inadequate,” said Richard Lack, director of EMEA sales at software firm Gigya. “They may bridge the gap legally as an interim process, but really everyone is driving toward hosting data within EU.”
Which means the small- and medium-sized companies — some 60 percent of businesses that were Safe Harbor certified — are feeling the pinch. “Companies that can’t afford regional data centers, which cost several million of pounds to run annually, will just fail to expand internationally,” said Lack. “It is just part of international trading now that you have to deal with various regional data privacy legislations.”
The DMA’s research will aid discussions on how the European Commission and the U.S. Department of Commerce can agree on a Safe Harbor 2.0, but some sources say the U.S. needs to pass more laws to ensure European citizen data is handled securely.