EU-U.S. and Swiss-U.S. Privacy Shield Frameworks

What are the EU-U.S. and Swiss-U.S. Privacy Shield Frameworks?

The European Commission’s Directive on Data Protection went into effect in October of 1998 and prohibits the transfer of personal data to non-European Union countries that do not meet the European Union (EU) “adequacy” standard for data protection. Because the EU identifies the United States (U.S.) as one of the countries that does not meet the “adequacy” standard, a mechanism was needed to allow companies in the EU to send data to the U.S. The EU-U.S. Privacy Shield Framework was designed by the U.S. Department of Commerce and the European Commission to allow a mechanism for companies on both sides of the Atlantic to comply with the EU data protection requirements when transferring personal data from the EU to the U.S. Due to the success of the EU program, Switzerland entered into an almost identical framework in January 2017. Additional information about the EU-U.S. Privacy Shield Frameworks is available here.

Is Mixpanel Privacy Shield certified?

Yes, Mixpanel was among the first of its competitors to self-certify to the Privacy Shield Framework. You can verify Mixpanel’s current certification by checking the public list of Privacy Shield certified organizations posted on the Privacy Shield website.

What does the Privacy Shield certification mean for Mixpanel customers?

Mixpanel is committed to the privacy of its customers, to protecting their personal data, and to offering our services through a safe and compliant environment. Mixpanel has voluntarily certified under the Privacy Shield Frameworks so that our customers can feel confident that we are providing adequate levels of protection of personal data. The Privacy Shield Frameworks bring stronger data protection standards that are better enforced, safeguards against government access, and easier redress for individuals in case of complaints.

In addition, the upcoming General Data Protection Regulation (GDPR) in the EU specifically recognizes the Privacy Shield as a valid, legal framework for the transfer of data.

The Privacy Shield Frameworks are based on the following principles:

  • Strong obligations on companies handling data: Under the arrangement, the U.S. Department of Commerce will conduct regular updates and reviews of participating companies to ensure that companies follow the rules they have submitted themselves to or face sanctions.
  • Clear safeguards and transparency obligations on U.S. government access: The U.S. has given both the EU and Switzerland assurance that the access of public authorities for law enforcement and national security is subject to clear limitations, safeguards and oversight mechanisms.
  • Effective protection of individual rights: Any citizen who believes their data has been misused under either Framework will benefit from several accessible and affordable dispute resolution mechanisms.
  • Annual joint review mechanism: The mechanism will monitor the functioning of the Privacy Shield Frameworks, including the commitments and assurance regarding access to data for law enforcement and national security purposes.

Does Safe Harbor still exist?

No. There is no country that recognizes the Safe Harbor Framework.

What if I have additional questions?

Please contact Mixpanel’s compliance team at