EU privacy rules for non-European companies
The European Court of Justice has reportedly ruled against the EU-US shiel spam phone number data d, on the grounds that domestic US regulations do not provide sufficient guarantees in terms of data protection . However, contractual data protection clauses were deemed valid, provided that a level of protection equal to that of GDPR is guaranteed in the contracts.
In any case, those who use Mailchimp or other US systems to send their emails must ensure that the recipient has given explicit consent to the transfer of data outside the EU , after being informed about the possible risks.
In essence, the level of data protection (i.e. all appropriate safeguards, enforceable rights and effective remedies) required in the context of data transfers from the EU to other countries must be equivalent to that guaranteed by the European Union. For this reason (since there may not be real equivalence due to different legal systems, distance and different languages), despite the validity of contractual clauses, many European companies may not feel comfortable entrusting their data to an American email marketing service .
The transfer of data takes place, in fact, on servers in the USA and its processing is in any case subject to internal US regulations, which makes it difficult to guarantee the same data protection standards for a European company based in Europe and therefore (as necessary) aligned with the GDPR. The legal systems in force in European states, in fact, are very different from those in force in the United States and, also in terms of privacy, national law is always bound to prevail.
