Privacy regulations differ between regions of the world. This document explains how to work with customers in the most populous regions that have unique privacy regulations.
Note that this assumes that the legal portions required between Mediafly and your organization (e.g. Standard Contractual Clauses, or SCCs, for EU GDPR) have already been executed.
EU and UK
In the EU, the driving privacy regulation is the General Data Protection Regulation, or GDPR. GDPR focuses on 7 key principles:
- Lawfulness, fairness and transparency — Processing must be lawful, fair, and transparent to the data subject.
- Purpose limitation — You must process data for the legitimate purposes specified explicitly to the data subject when you collected it.
- Data minimization — You should collect and process only as much data as absolutely necessary for the purposes specified.
- Accuracy — You must keep personal data accurate and up to date.
- Storage limitation — You may only store personally identifying data for as long as necessary for the specified purpose.
- Integrity and confidentiality — Processing must be done in such a way as to ensure appropriate security, integrity, and confidentiality (e.g. by using encryption).
- Accountability — The data controller is responsible for being able to demonstrate GDPR compliance with all of these principles.
The UK GDPR is similar enough to the EU GDPR that there are no major differences required to comply with the UK GDPR.
To comply with EU and UK GDPR, we recommend our clients take the following actions:
- Work with your team to update your company’s Terms of Service and Privacy Policy if necessary. Ensure that the Terms of Service and Privacy Policy cover the legal requirements that your organization puts in place to satisfy EU GDPR.
- Set the pointer to your Terms of Service and Privacy Policy in Airship > Environment > Environment Settings.
- Decide if you require hosting your content and/or account data within EU-specific data centers. Mediafly can host content and/or accounts within an EU-based AWS region. The list of regions can be found here. If you require Mediafly to change the hosting location for your data, please contact us and we can work with you to conduct a migration.
- Within Airship, set up your account managers (those with Manage Accounts rights on groups) to align within the same geographical area as the users within that group. This ensures that those administrators’ usage of the tool doesn’t accidentally leak PII across geographical lines.
- Respond to Right To Be Forgotten requests from Mediafly. These often come into Mediafly’s Data Privacy request email address. We then route those to our clients where necessary. Historically, the requests have been relatively rare, but they do need to be acted upon when received.
California
The California Consumer Privacy Act of 2018 (CCPA) gives consumers more control over the personal information that businesses collect about them and the CCPA regulations provide guidance on how to implement the law. This includes:
- The right to know about the personal information a business collects about them and how it is used and shared;
- The right to delete personal information collected from them (with some exceptions);
- The right to opt-out of the sale of their personal information; and
- The right to non-discrimination for exercising their CCPA rights.
The CCPA is viewed as less rigorous than the EU GDPR. As such, please follow the steps above for EU GDPR, and your organization will be covered.
Stricter data transfer laws
Some regions require even stricter guarantees on data. That is, their data privacy restrictions are such that the typical “legitimate interest” for transfer of data that is found in EU GDPR is not strict enough. For this scenario, we offer the ability to enable Privacy Mode.
With Privacy Mode, Mediafly will create a new field called Country within user management. When Privacy Mode is enabled, and the user’s country is set to anything other than the US, then that user’s username is anonymized (e.g. replaced with a random set of letters and numbers) in our reporting databases. This includes Engagement360’s Insights, Intelligence360’s data flow from Engagement360, and Airship Usage Reports.
When this is enabled, marketers and content administrators will be unable to view reporting tied to a specific user, as all views of that user will be anonymized to a sequence of random letters and numbers.
To enable Privacy Mode, please contact Mediafly, and we will enable it for you.