What is the EU-US Privacy Shield Framework?
The European Commission’s Directive on Data Protection went into effect in October of 1998 and prohibits the transfer of personal data to non-European Union countries that do not meet the European Union (EU) “adequacy” standard for data protection. Because the EU identifies the United States (US) as one of those countries, the EU and the US have elected to take a different approach to data protection. As such, the EU-US Privacy Shield Framework was designed by the US Department of Commerce and the European Commission to allow a mechanism for companies on both sides of the Atlantic to comply with the EU data protection requirements when transferring personal data from the EU to the US. Additional information about the EU-US Privacy Shield Framework is available here.
Is Mixpanel Privacy Shield certified?
Yes, Mixpanel has self-certified to the Privacy Shield Framework. You can verify Mixpanel’s current certification by checking the public list of Privacy Shield certified organizations posted on the Privacy Shield website.
What does Privacy Shield certification mean for Mixpanel customers?
Mixpanel is committed to the privacy of its customers, to protecting their personal data, and to offering our services through a safe and compliant environment. Mixpanel has voluntarily certified under the Privacy Shield Framework so that our customers can feel confident that we are providing adequate levels of protection of personal data. The Privacy Shield Framework brings stronger data protection standards that are better enforced, safeguards against government access, and easier redress for individuals in case of complaints.
The EU-U.S. Privacy Shield is based on the following principles:
- Strong obligations on companies handling data: Under the arrangement, the U.S. Department of Commerce will conduct regular updates and reviews of participating companies to ensure that companies follow the rules they have submitted themselves to or face sanctions.
- Clear safeguards and transparency obligations on U.S. government access: The US has given the EU assurance that the access of public authorities for law enforcement and national security is subject to clear limitations, safeguards and oversight mechanisms.
- Effective protection of individual rights: Any citizen who considers that their data has been misused under the Privacy Shield scheme will benefit from several accessible and affordable dispute resolution mechanisms.
- Annual joint review mechanism: The mechanism will monitor the functioning of the Privacy Shield, including the commitments and assurance regarding access to data for law enforcement and national security purposes.
Does Safe Harbor still exist?
Yes, the US Department of Commerce still administers the Safe Harbor for the transfer of data to the US from Switzerland (US-Swiss Safe Harbor). This "Safe Harbor" framework was designed to bridge the differences between the two countries’ approaches to privacy and provide a streamlined means for U.S. organizations to comply with Swiss data protection law. For more information, and to access the US-Swiss Safe Harbor website, click here.
What if I have additional questions?
Please contact your Mixpanel customer success team member or firstname.lastname@example.org.