Announcing TUNE’s Privacy Shield Certification

In our ongoing effort to stay ahead of the curve in data privacy and security, we’ve spent the last few months ensuring that our commercial and internal data practices meet the new EU-US Privacy Shield standard.

Good news, TUNE fans: as of September 2016, the US Department of Commerce has accepted TUNE’s self-certification as Privacy Shield compliant. But don’t take my word for it — see TUNE’s listing on the Privacy Shield site.

Why Privacy Shield?

In the wake of the Snowden allegations in October 2015, the EU-US Safe Harbor was declared invalid by the EU’s highest court.  The uncertainty that followed created transactional challenges for TUNE and many other US companies because the Safe Harbor was the easiest way to legally transfer data from the European Union to the US.  Without it, companies had to look at alternate methods of transfer – all of which were much more complicated and burdensome than the Safe Harbor.

Earlier this year, a new and improved EU-US data transfer agreement emerged — the EU-US Privacy Shield Framework. The Privacy Shield is still the easiest and most straight-forward way to evidence compliance with EU data transfer rules and a broader commitment to best practices in data privacy.  And, as TUNE learned, the process of working through the Privacy Shield certification questionnaire is a meaningful project to ensure that business practices are in line with the Privacy Shield Principles.

What does Privacy Shield certification involve?

Privacy Shield certification is achievable for companies that have their data protection and privacy house in order.  The bulk of the work initially starts with updating privacy policies and confirming that the right controls are in place to ensure that your privacy policy “walks the talk.”

To get Privacy Shield certification for transfers of both commercial and internal data at TUNE, we:

• Updated our privacy policies for HasOffers, TUNE Marketing Console, and our tune.com corporate website for alignment with the Privacy Shield principles.
• Created a Privacy Shield statement, an end user facing document that describes how TUNE processes commercial and internal data, affirms the jurisdiction of relevant regulators, and directs consumers on how to submit a complaint to TUNE.
• Created an internal employee privacy policy, which details how our human resources philosophy informs our employee data collection and use.
• Conducted diligence with internal TUNE teams to confirm that our Privacy Shield Statement and privacy policies align with our actual practices, including  close collaboration with product and engineering for commercial data and human resources for internal data.

Onward and upward

The Department of Commerce provides a nine-month grace period for companies that get certified by September 30, 2016 to conform third-party contracts with the new onward transfer requirements under the Privacy Shield; companies who apply after this deadline will not have this benefit.

TUNE will work with our clients and partners to ensure compliance with the new onward transfer requirements, and continue to prioritize partnerships with third parties that also value data privacy and security,

A final word

For TUNE, Privacy Shield self-certification is a no-brainer — we’re proud to serve as the trusted mobile marketing solution in our fast-changing industry, and our clients and partners expect us to lead by example. Along with our strong privacy statements and disclosures, we believe that TUNE’s Privacy Shield certification will provide clients, partners, and the marketing technology ecosystem even more evidence of TUNE’s continued commitment to privacy and data protection.

Co-written by Saira Nayak, current advisor and former Chief Privacy Officer at TUNE, and Ben Golden, Director of Legal Affairs at TUNE.

Like this article? Sign up for blog daily digest emails.