- Security
TLS Version 1.0 and 1.1 Deprecation
Chris Farmer
• 6 min read
- Security
Privacy Matters: Your Data Is Safe With Us
Mailgun Team
• 5 min read
Here we go again. There’s been yet another shift in the ever-changing world of data privacy, and we wanted to make sure (as always) that we’re keeping you aware of the changes and helping you stay on top of the topic of data privacy.
So what happened with the Privacy Shield?
You may have heard of the EU-US Data Privacy Shield, which, beginning in 2016, regulated the usage of consumer data in transactions between Europe and the United States. American companies were able to use the Privacy Shield to validate and accredit these transatlantic data transactions. Basically, using the Privacy Shield allowed American companies to actually do those transactions.
Okay, so does the Privacy Shield still protect these companies?
Not anymore. On July 16, 2020, the European Commission Court of Justice (CJEU) invalidated the adequacy of the EU-US Data Privacy Shield’s protection. In other words, American companies can no longer use the Privacy Shield as a way to “allow” transatlantic data transactions. You may wonder, what does this mean for Mailgun?You wouldn’t be the first to ask. Since the ruling, some of our customers have asked about its impact on our services and our business. Because of these questions, we wanted to provide more detailed information on how our company deals with data protection, and how it is impacted by the CJEU’s recent decision.
A little background on the CJEU ruling
Under the European Union’s General Data Protection Regulation (GDPR), proper safeguards (basically, protections) must be in place for data transfers from any country outside of the European Union, including the United States. Until July 16, 2020, the Privacy Shield was considered an adequate GDPR protection and had complied with its requirements when transferring personal data to the United States.
To remind you, on July 16, 2020, the CJEU invalidated the adequacy of the protection provided by the EU-US Privacy Shield. For more information on this specific ruling, see the decision here.
Since the Privacy Shield framework is now considered inadequate, an alternative protection is required for all data transfers. These alternatives may include the Standard Contractual Clauses (SCCs), also called EU Model Clauses, or Binding Corporate Rules.
Does Mailgun have alternative protection?
Yup! At Mailgun, we had already gone beyond the minimum requirements of the GDPR (yay!). We did not only rely on the Privacy Shield, but we had already maintained (and continue to maintain) Standard Contractual Clauses (SCCs) for all our data transfers, including transfers with our sub-processors that processed our customers’ personal data. These SCCs, as per the CJEU ruling, continue to be a valid legal mechanism to transfer data under the GDPR. So, if you’re using Mailgun, your data is safe and valid.
To go one step further, we implement additional safeguards beyond the standard contractual clauses (sadly, these safeguards don’t include ninjas), and we make sure to have proper technical and organisational measures in place for any personal data transfers (including data encryption and security).
Mailgun has a vendor management procedure in place, which we use to control and audit all of our sub-processors, including frequent audits on the sub-processors that process the personal data of our customers. This is basically a fancy way of saying that our data processes and data processors are safe, valid, and frequently inspected. We also perform audit risk assessments, and we implement the requisite technical and organisational measures to ensure that proper security and data protection are respected. For further details on our security and privacy measures, see our dedicated page here.
So, I’m good? Do I have to do or change anything related to data privacy?
No, you don’t have to do anything — we’ve already implemented all necessary protections. Mailgun has you covered and balanced like that kitten at the top of the page.We have been, and remain, wholly committed to having a lawful basis for data transfers in compliance with applicable data protection laws. Both Mailgun and Mailjet continue to monitor the evolution of international data transfer mechanisms under the GDPR, and we are committed to ensuring a lawful basis for all our data transfers in compliance with all other applicable data protection laws.
We understand the concerns of our customers and remain steadfast in our commitment to ensure that our customers’ data is secure and protected. And, as long as we’re here, you can rest assured that we’ll be going above and beyond to protect that data—and its transfers—under international laws. So feel free to sit back, look at cute cat GIFs, and leave data privacy to us.
Do you have any additional questions for our Legal team? Feel free to drop them an email at legal@mailgun.com!
Tags: SecurityData Privacy
Last updated on October 07, 2020
- Related posts
- Recent posts
- Top posts
- Security
Password Meters Are Not For Humans
Patrick Tilley• 8 min read- Security
Session Awareness & Account Management - How Active are You?
Patrick Tilley• 4 min read- Security
Common Phishing Email Warning Signs
Mailgun Team• 4 min read- Security
The Bug Hunt Is On — Mailgun Goes Public With Bugcrowd
David Dobbins• 1 min read- Security
Internet Security – Defending Against Spam
Nick Schafer• 9 min read- Security
Caught In A Phishing Line – What We Do And How You Can Protect Yourself
Natalie Hays• 5 min read- Security
Pseudonymization And You – Optimizing Data Protection
Natalie Hays• 4 min read- What's new
Mailgun Authentication Service – Post Mortem July 2018
Josh Odom• 3 min read- Best Practices
Explicit Consent And The GDPR
Josh Odom• 5 min read
- Best Practices
The Science and Art of Gmail Deliverability
Kate Nowrouzi• 7 min read- Best Practices
He's Just Not That Into You: Disengaged Mailing List Subscribers
Kate Nowrouzi• 4 min read- Security
Privacy Matters: Your Data Is Safe With Us
Mailgun Team• 5 min read- Security
TLS Version 1.0 and 1.1 Deprecation
Chris Farmer• 6 min read- Best Practices
Not All The Best DNS Blocklists Are Created Equal
Nick Schafer• 5 min read- What's new
Mailgun Just Got Better For Client Management
Chris Farmer• 5 min read- Best Practices
Why Email Validation Is Vital For Your Inbox
Mary Dolan• 6 min read- What's new
Our Values In Action
Nikki Morello, Vice President of Human Resources• 9 min read- What's new
The Mailgun Maverick Program Is Here!
Mailgun Team• 4 min read- Email DIY
How To Promote Strategic Engagement In Your Email Program
Mary Dolan• 6 min read
- Best Practices
The Science and Art of Gmail Deliverability
Kate Nowrouzi• 7 min read- Security
Privacy Matters: Your Data Is Safe With Us
Mailgun Team• 5 min read- Security
TLS Version 1.0 and 1.1 Deprecation
Chris Farmer• 6 min read- Best Practices
Not All The Best DNS Blocklists Are Created Equal
Nick Schafer• 5 min read- Best Practices
How To Improve Email Open Rates
Mary Dolan• 8 min read- Best Practices
Preparing Your Email Infrastructure Correctly
Kevin George• 8 min read- Best Practices
4 Tips To Improve Your Email Deliverability In 2020
Mary Dolan• 7 min read- Best Practices
COVID-19 Email Communications Dos and Don’ts
Kate Nowrouzi• 4 min read- For devs
How To Use Parallel Programming
Mary Dolan• 3 min read- What's new
Mailgun’s COVID-19 Plan of Action
Mailgun Team• 2 min read
Always be in the know and grab free email resources!
No spam, ever. Only musings and writings from the Mailgun team.
Mailgun is committed to protecting your privacy. Please read ourPrivacy Policybefore providing us with your details.
sign up
It's easy to get started. And it's free.
See what you can accomplish with the world's best email delivery platform.