On July 16, the European Court of Justice (ECJ) moved to invalidate the EU-US Privacy Shield:\u00a0 an agreement allowing US companies to transfer and store information from countries belonging to the European Union.<\/p>\n
The action has wide-ranging implications, but EventsCase is particularly interested in what it says about the safety of your event data. Without an agreement to protect what you gather, you could be at a greater risk of data breaches,<\/strong> leading to fines<\/strong>, a loss of information,<\/strong> and huge reputational damage<\/strong>. Allow us to explain in more detail.<\/p>\n The EU-US Privacy Shield system underpins transatlantic digital trade for thousands of companies. It\u2019s one of the major agreements that sit outside of the General Data Protection Regulation (GDPR), ensuring the safe flow of data from the EU to non-EU countries.<\/p>\n Any US company signing up to the Shield must cooperate with data protection regulators due to certain assurances given by the framework regarding the safety of information. Until recently, it\u2019s provided peace of mind to European-based companies that host data in the US.<\/p>\n Some have no idea their information travels this far. Indeed, the most common scenario in an events context would be the use of technology to manage registrations, check-in and create mobile apps, with all data making its way across to a US server.<\/p>\n Don\u2019t forget, the platform itself could be \u2018global\u2019, and not all organisers realise where their attendee information ends up. Judging by our investigations and knowledge of the event tech market, this is fairly common.<\/p>\n \u2018Privacy Shields\u2019 play a key role in policing the use of your data, until they themselves are brought to question.<\/p>\n Enter Max Schrems, an Austrian privacy advocate, who in 2018 challenged the agreement<\/a> in the ECJ. He argued that US national security laws failed to adequately protect EU citizens from acts of \u201csnooping\u201d. After two years of deliberation, he won.<\/p>\n The court ruled in favour of Schrems and his case, therefore making the Shield invalid.<\/p>\n Further invalidation of mechanisms like the Privacy Shield could see the end of a truly borderless internet. More pertinently, though, the ECJ has essentially spelt out the risk associated with housing information in the US.<\/p>\n It\u2019s official: you cannot guarantee that someone isn\u2019t trawling through your attendee data.<\/em><\/p>\n <\/p>\n <\/p>\n Politico<\/a> reports that some companies have already ceased the movement of their information and are now keeping it within the EU. Others are seeking Standard Contractual Clauses (SCCs), which are individual and made between two organisations. However, it\u2019s now thought that last week’s decision may see the end of these as well.<\/p>\n All signs point towards a reform of US surveillance practices to fit in line with EU laws. Analysts have long complained about the lack of protection being offered to companies that pass data into the States. Yet, considering President Trump\u2019s previous conflicts with GDPR<\/a> and his frosty relationship with the EU, we\u2019d be surprised if this were made a priority.<\/p>\n Anyone using a technology for their registration, check-in and event management should now be asking where their data is positioned. Our investigations show several big names in the event tech landscape housing information on US servers, which could leave it vulnerable to surveillance.<\/p>\n One safeguarding measure would be to seek a clause in your contract that specifies where your data is stored. If your provider does not wish to include this, you could be risking a financial penalty from watchdogs like the Information Commissioner\u2019s Office and a severe blow to your reputation.<\/p>\n These issues aside, there is definitely something to be taken from the sheer confusion surrounding the next possible steps.<\/p>\n Companies applying SCCs as a short-term measure have no idea if they will soon be deemed unfit for purpose. Transfers of data between the EU and US are not expected to stop, chiefly because companies are awaiting a more detailed response from the European Commission and UK Information Commissioner.<\/p>\n Our advice would be to err on the side of caution and keep your data away from the US, at least until you can be sure of its protection.<\/p>\n Attendees impart a wealth of personally identifiable information from the moment they register for a ticket. Companies like Yahoo and Equifax<\/a> are still recovering from their respective customer data breaches, where millions of records found their way into the wrong hands. In a world where online privacy is at the top of consumer consciousness<\/a>, you want to avoid being implicated in any potential leak.<\/p>\n News of the Shield\u2019s collapse might seem like the last thing our industry needs right now. But as data becomes all the more vital to our operations, allowing for the creation of personalised experiences, the current period of downtime could be ideal for patching some of the chinks in our armour.<\/p>\n <\/p>\nWhat is the EU-US Privacy Shield?<\/strong><\/h2>\n
![\"Event](\"https:\/\/eventscase.com\/blog\/wp-content\/uploads\/2020\/08\/what-is.jpeg-876x630.jpg\" "\\"-\\"")
<\/p>\nHow does this affect my event?<\/strong><\/h2>\n
![\"Privacy](\"https:\/\/eventscase.com\/blog\/wp-content\/uploads\/2020\/08\/data-breaching-hacker-decoding-information-from-futuristic-network-technology-with-white-symbols.jpeg.jpg\" "\\"-\\"")
<\/p>\nWhat should I do about it?<\/strong><\/h2>\n