MENU
  • Enom.com
  • Resellers

Enom Blog

Do Privacy Shield Rulings Impact Enom?

November 3, 2020

GDPR, Industry Insight, News, Uncategorized

 Like

Views: 1612

If you follow data privacy news, you may have heard that the EU-US Privacy Shield was invalidated recently, and as an Enom reseller, you might be wondering how that affects our services. TL;DR: It doesn’t.

We’ll get into the details of Privacy Shield, what it was used for, and what happens now that it’s been invalidated, but essentially, it let U.S.-based businesses lawfully transfer the personal data of EU individuals to the US by signing on to a series of privacy and data protection commitments.

Now that the EU-US Privacy Shield is no longer an option, companies transferring data will have to look into the other possibilities remaining to them under the GDPR. This is something you may already be looking at for your own business; for your Enom domain reseller services, we’ve got it covered.

What does the GDPR say about cross-border data transfer?

When we think about the GDPR and other data privacy laws, we tend to think they restrict or entirely prevent the use of personal data in the name of privacy. That’s not entirely incorrect—a big part of protecting personal data is limiting its use—but it’s also not the whole story. Another aim of the GDPR is to allow or even enable the transfer of personal data, as long as the data remains protected. When the data remains within the EU, it stays under the direct purview of the GDPR, and so ensuring that it remains protected is fairly straightforward, since the same rules apply both before and after the transfer. But what about when sending data out of the EU?

The GDPR offers three basic options for how to transfer data to a “third country” outside the EU.

Option 1: an “adequacy decision”

The European Commission can review a country’s data protection laws and determine that they offer an adequate level of protection for personal data. The Commission maintains a list of countries with adequacy status; Canada is included, but only for data protected under Canadian privacy law (which does not cover personal data being processed by the government! Oh, Canada—room for improvement!)

Option 2: appropriate safeguards

The second option for transferring data is referred to as “appropriate safeguards,” which includes the Standard Contractual Clauses, a pre-approved contract provided by the European Commission which can be appended to any agreement.

Option 3: derogations

Derogations are exceptions for certain circumstances, which should only be used rarely and as a last resort.

What was the EU-US Privacy Shield? What happened to it?

The EU-US Privacy Shield was a special type of adequacy decision, a framework set up by the European Commission and the US Department of Commerce which US-based businesses could commit to follow. It provided assurances related to data protection and data subject rights that are similar to what we are familiar with from the GDPR; once a business signed on to those commitments, they became legally binding and enforceable. These commitments included:

  • providing transparent information to individuals about rights related to their data
  • providing dispute resolution for individuals who brought complaints related to how their data is handled
  • meeting purpose limitation and data retention obligations and requirements around accountability

Now that the EU-US Privacy Shield has been invalidated, businesses can no longer rely on it as an adequacy decision. Instead, any transfer of data from the EU into the US needs to be protected by some other method—either appropriate safeguards or derogations. We know that derogations are limited, generally to be used for one-time transfers or exceptional circumstances.

So where does that leave businesses who need to transfer data, including domain providers? They will have to add the proper assurances into their contracts, typically by use of standard contractual clauses—which is what we have done since 2018.

How does Enom handle cross-border data transfer without the Privacy Shield?

Lucky for us, it’s not a problem. We don’t have to make any changes to how we protect data when transferring it to the US because we don’t rely on the EU-US Privacy Shield framework.

The Privacy Shield framework was only available to American companies, which right away excludes two of Tucows’ (our parent company) main domain businesses. Enom is American, but OpenSRS is a Canadian company, and Ascio is European. Enom could have signed on to the Privacy Shield framework, but Tucows wanted a single approach to apply to all their businesses.

When we built out our processes for GDPR compliance, we adopted Standard Contractual Clauses provided by the European Commission to govern how we protect personal data.

The Standard Contractual Clauses have been incorporated into our contracts with our resellers, vendors, and other service providers via a Data Processing Addendum. This means that when domain registration data is sent to registries or data centers in the US these contractual commitments can be relied on to govern how the data is handled and to ensure that each data subject’s rights are always respected. Specifically, through the Data Processing Addendum, we commit to complying with GDPR obligations, including confidentiality and information security controls, cooperation with supervisory authorities, and appointing a Data Protection Officer. The Addendum also documents our obligations related to ongoing testing and review of security measures, the reasons we process data, and what third-party providers we work with. We closely watch for any updates to the Standard Contractual Clauses, as we want to remain current with any standards provided by the European Commission.

What do I need to do as a reseller?

For the data processed related to our services, absolutely nothing! You’ve already accepted our Reseller Agreement, so it’s all handled. If you want to learn more, though, you can look for yourself to see the Standard Contractual Clauses in our Data Processing Addendum (which is incorporated into our Reseller Agreement by reference), and you can compare them to the version published by the Commission.

You can also consult your own data protection counsel. This blog post is intended to be helpful and to share with you how we view data protection at Enom, but it is not intended as legal advice and should not be seen as a replacement for independent legal counsel.

Share on FacebookShare on TwitterShare on Linkedin

November 3, 2020

 Like

Views: 1612

Previous post:
Whois History and Updated Tiered Access Statistics
Next Post:
Support e-commerce customers with subscription tools

Comments are closed.

FEATURED POSTS

  • How to Win by Treating Your Customers as Members

    August 13, 2020

  • A Great Domain for Freelancers and Entrepreneurs? Try .ME

    June 22, 2020

  • Bandzoogle: website builder for musicians

    June 1, 2020

  • security lock and credit cards on keyboard

    Avoiding COVID-19 Cyberattacks with Security Best-Practices

    April 28, 2020

CATEGORIES

  • Advice
  • Announcement
  • Developers
  • DNS
  • Featured
  • Fun
  • GDPR
  • Industry Insight
  • New TLDs
  • News
  • Premium Domains
  • Promotion
  • Resellers
  • Roadmap
  • SSL
  • Uncategorized
  • WTB

ARCHIVES

  • February 2021
  • January 2021
  • December 2020
  • November 2020
  • September 2020
  • August 2020
  • July 2020
  • June 2020
  • April 2020
  • March 2020
  • January 2020
  • December 2019
  • November 2019
  • October 2019
  • July 2019
  • June 2019
  • May 2019
  • April 2019
  • March 2019
  • February 2019
  • January 2019
  • December 2018
  • November 2018
  • September 2018
  • August 2018
  • June 2018
  • May 2018
  • April 2018
  • March 2018
  • February 2018
  • January 2018
  • December 2017
  • November 2017
  • October 2017
  • September 2017
  • August 2017
  • July 2017
  • June 2017
  • May 2017
  • April 2017
  • March 2017
  • February 2017
  • January 2017
  • December 2016
  • November 2016
  • October 2016
  • September 2016
  • August 2016
  • July 2016
  • June 2016
  • May 2016
  • April 2016
  • March 2016
  • January 2016
  • December 2015
  • November 2013
Support

Report Abuse
Help Center
Contact Us

Resources

WHOIS Lookup
Maintenance Alerts
Developers
Products & Services

Domain Name Search
Premium Domains
Web Hosting
SSL Certificates
Website Builder
Basic Email
Bulk Tools

© 2021 Enom Blog |