What mitigating measures has MessageBird taken in relation to the invalidated Privacy Shield?

As a result of the recent ruling by the European Union on cross-border personal data transfers outside of the European Economic Area, which invalidated the Privacy Shield, MessageBird is updating its cross-border data transfer mechanisms with recipients of personal data located in the United States.

To ensure sufficient guarantees and safeguards are in place to protect the personal data of our customers and to ensure the privacy rights of all individuals affected, MessageBird is currently reviewing the transfer mechanism in place with all US-based partners, including those third parties making use of hosting locations in the US. If an assessment of local laws and the necessary additional measures on the side of the third party allows us to apply Standard Contractual Clauses, we will do so. If no other personal data transfer mechanism can be applied, the transfer of personal data will be stopped.

We have updated our existing Approved Processor list and included the applicable cross border data transfer mechanism for each vendor.

MessageBird will continue to monitor the evolution of international data transfer mechanisms under the GDPR and ensure a lawful basis for all cross border data transfers in compliance with applicable data protection laws.

Last updated