Here we go again. There’s been yet another shift in the ever-changing world of data privacy, and we wanted to make sure (as always) that we’re keeping you aware of the changes and helping you stay on top of the topic of data privacy.
You may have heard of the EU-US Data Privacy Shield, which, beginning in 2016, regulated the usage of consumer data in transactions between Europe and the United States. American companies were able to use the Privacy Shield to validate and accredit these transatlantic data transactions. Basically, using the Privacy Shield allowed American companies to actually do those transactions.
Not anymore. On July 16, 2020, the European Commission Court of Justice (CJEU) invalidated the adequacy of the EU-US Data Privacy Shield’s protection. In other words, American companies can no longer use the Privacy Shield as a way to “allow” transatlantic data transactions. You may wonder, what does this mean for Mailgun? You wouldn’t be the first to ask. Since the ruling, some of our customers have asked about its impact on our services and our business. Because of these questions, we wanted to provide more detailed information on how our company deals with data protection, and how it is impacted by the CJEU’s recent decision.
Under the European Union’s General Data Protection Regulation (GDPR), proper safeguards (basically, protections) must be in place for data transfers from any country outside of the European Union, including the United States. Until July 16, 2020, the Privacy Shield was considered an adequate GDPR protection and had complied with its requirements when transferring personal data to the United States.
To remind you, on July 16, 2020, the CJEU invalidated the adequacy of the protection provided by the EU-US Privacy Shield. For more information on this specific ruling, see the decision here.
Since the Privacy Shield framework is now considered inadequate, an alternative protection is required for all data transfers. These alternatives may include the Standard Contractual Clauses (SCCs), also called EU Model Clauses, or Binding Corporate Rules.
Yup! At Mailgun, we had already gone beyond the minimum requirements of the GDPR (yay!). We did not only rely on the Privacy Shield, but we had already maintained (and continue to maintain) Standard Contractual Clauses (SCCs) for all our data transfers, including transfers with our sub-processors that processed our customers’ personal data. These SCCs, as per the CJEU ruling, continue to be a valid legal mechanism to transfer data under the GDPR. So, if you’re using Mailgun, your data is safe and valid.
To go one step further, we implement additional safeguards beyond the standard contractual clauses (sadly, these safeguards don’t include ninjas), and we make sure to have proper technical and organisational measures in place for any personal data transfers (including data encryption and security).
Mailgun has a vendor management procedure in place, which we use to control and audit all of our sub-processors, including frequent audits on the sub-processors that process the personal data of our customers. This is basically a fancy way of saying that our data processes and data processors are safe, valid, and frequently inspected. We also perform audit risk assessments, and we implement the requisite technical and organisational measures to ensure that proper security and data protection are respected. For further details on our security and privacy measures, see our dedicated page here.
No, you don’t have to do anything — we’ve already implemented all necessary protections. Mailgun has you covered and balanced like that kitten at the top of the page. We have been, and remain, wholly committed to having a lawful basis for data transfers in compliance with applicable data protection laws. Both Mailgun and Mailjet continue to monitor the evolution of international data transfer mechanisms under the GDPR, and we are committed to ensuring a lawful basis for all our data transfers in compliance with all other applicable data protection laws.
We understand the concerns of our customers and remain steadfast in our commitment to ensure that our customers’ data is secure and protected. And, as long as we’re here, you can rest assured that we’ll be going above and beyond to protect that data—and its transfers—under international laws. So feel free to sit back, look at cute cat GIFs, and leave data privacy to us.
Do you have any additional questions for our Legal team? Feel free to drop them an email at legal@mailgun.com!
Last updated on November 04, 2020