Privacy Shield Fell and We Have No Replacement
The EU-US Privacy Shield helped to safeguard data that was transferred out of the EU via website chat boxes. But since it was invalidated in 2020, we’ve yet to see a replacement.
As web chat experts, Click4Assistance is no stranger to the concept of data protection and privacy. As a service that handles chat logs and customer information on a daily basis, our systems are built to protect against potential security-related issues that could cause a problem both for our clients and our own company. This is true not just for C4A, but for all businesses that save or process customer data.
What did the EU-US Privacy Shield do?
In the past, the EU-US Privacy Shield provided businesses with a framework that helped to regulate the international exchange of personal data for commercial purposes. This meant that you could work with a company overseas and have peace of mind knowing that they were following some form of framework that meant your customer data wouldn’t easily be stolen and used without your consent. One of the main reasons the framework was created was to make it easier to receive personal data from entities within the EU under the EU’s own privacy laws, which were designed to protect European Union citizens.
Unfortunately, the EU-US Privacy Shield was declared invalid on 16th July 2020.
What does this mean for businesses?
The fall of the Privacy Shield could have many implications for businesses. However, if your business doesn’t work with a company outside of the EU, then it should be of no concern to you. Unfortunately, if you partner with organisations outside of the EU, such as a live chat service or outsourced customer support staff, then it immediately becomes an issue.
If you use a company outside of the EU for your live chat service, it means that any communications between you and your customers are sent directly to their services or systems and then relayed back to you. This is needed because their systems are hosted in their own country and have to process the text that is sent by your customers. In other words, the live chat service will have an almost completely transparent view of your customer service processes and all of the data related to them.
Since the EU-US Privacy Shield has fallen, there are no longer any principles that companies should feel obliged to follow. This could put all of your data at risk and it means there is no guarantee that the company will protect your information in certain circumstances. Note that this doesn’t mean a company will immediately forget about your business and start selling your information, but it will have fewer obligations to protect it.
To make things worse, Brexit means that the UK is no longer a part of the European Union and the transition phase has since concluded. This means that the UK will be in a state of limbo when it comes to forming legislation regarding data transfer to other countries, and we may not be covered by certain agreements and guidelines that are already in place. In other words, now is the time when it helps to have a concrete understanding of where your data is going and how it’s being used. This will help protect not just your customers, but also your own business and its future.
What should I do if I’m working with a non-UK provider?
If you’re currently working with a non-UK provider for your customer support then we highly recommend that you contact them and look at your existing agreements to see if there are any clauses or guarantees regarding the safety of your data and how it affects your company’s compliance. This can be a lengthy and difficult process depending on who the provider is, where they are located, and their cooperation with your company.
Luckily, there are many suppliers that are already switching to other solutions, such as Standard Contractual Clauses (SCCs), which are serving as alternatives to the Privacy Shield. Many vendors and suppliers that previously relied on the Privacy Shield may already have a solution in place, so it’s worth contacting the company to see if they can inform you about those changes.
However, if they have been silent regarding the Privacy Shield or are unaware of your situation as a UK-based company, then we suggest you contact them as a matter of urgency or seek another provider based within the UK. This will help ensure that you remain compliant and give both you and your customers peace of mind.
Working with a UK provider can solve many of these issues
It’s important to remember that many of these problems stem from working with companies outside of the UK. At Click4Assistance, all of our systems and data are stored within the UK, meaning that nothing leaves the country and everything is kept locally. For our customers, this means complete peace of mind knowing that we don’t share information with entities that are potentially outside of the UK’s Data Protection Act.
So if you’re concerned about your own data protection compliance or want peace of mind knowing that your data will be kept safe, we highly recommend working with a UK-based support platform provider such as C4A to put your mind at ease. Not only does working with a UK-based company provide security benefits, but it also ensures quicker response times for customer support and the knowledge that your investment is being put towards the country’s economy.