Type in your suggestion - new feature or improvement idea

Data protection compliance for European users

I have already discussed this issue in General Discussions but just wanted to formally place it in the Wishlist.

This is the gist of current EU legislation on transfer of data outside the EU :

"Transfers may be made to any country or territory in respect of which the Commission has made a ‘positive finding of adequacy’. . . .The Commission has so far recognized Andorra, Argentina, Australia, Canada (commercial organisations), Switzerland, Faeroe Islands, Guernsey, Israel, Isle of Man, Jersey, New Zealand, Uruguay and the US Department of Commerce's Safe Harbour Privacy Principles as providing adequate protection . . .

If the transfer is to the United States of America, has the US recipient of the data signed up to the US Department of Commerce Safe Harbor Scheme?"

See this link for full text : http://ec.europa.eu/justice/data-protection/document/international-transfers/adequacy/index_en.htm#h2-1 ) I know this cannot be achieved quickly but hope that WA can put it on the Roadmap as it's a worry for all European WA users.

10 votes
Sign in
Check!
(thinking…)
Reset
or sign in with
  • facebook
  • google
    Password icon
    Signed in as (Sign out)

    We’ll send you updates on this idea

    Biz55 shared this idea  ·   ·  Flag idea as inappropriate…  ·  Admin →

    8 comments

    Sign in
    Check!
    (thinking…)
    Reset
    or sign in with
    • facebook
    • google
      Password icon
      Signed in as (Sign out)
      Submitting...
      • Sarah commented  ·   ·  Flag as inappropriate

        So I found this response by Wild Apricot "Wild Apricot sites are compliant with the European Union’s Data Protection Directive. That’s because Wild Apricot sites are hosted on Amazon Web Services (AWS), which is certified under the Privacy Shield Network, a framework designed by the US Department of Commerce and the European Commission to allow the US companies to host European sites while complying with the EU’s data protection requirements." But my husband who works in IT Security said this is a false statement. AWC may have some knowledge of the data, but Wild Apricot has the explicit charge of the data. I hope we find more information out soon.

      • Mike Felton commented  ·   ·  Flag as inappropriate

        GDPR (General Data Protection Regulation) compliance.

        This European regulation comes into force 25 March 2018. A legal requirement is that consent must be obtained for email communications and it must be OPT-IN (i.e. a preticked box is absolutely not allowed).

        I see that an opt-in function was introduced in 2017 designed for the Canadian CASL regulation but the introduction of that has apparently been put on hold.

        However the GDPR *IS* coming into force on 25th MARCH!
        The email opt-in function will enable us to comply with the consent but it would be good to have a consent request email template soon (similar to the CASL version).
        Please??

      • Will Ton commented  ·   ·  Flag as inappropriate

        Meaningful progress to full EU Data Protection - Regional data separation is possible via AWS. You can put our data in a separate region.

      • Anaida Dibra commented  ·   ·  Flag as inappropriate

        I think the reply from WA rather misses the point which is not just about location, but also overall compliance. Firstly there is no reassurance as to whether WA has indeed signed up to the US Safe Harbour, which was the original question if I have correctly understood it, but secondly there is no reassurance re whether WA has plans to ensure that it is compliant with EU law before 2018 implementation, which is rather critical for those of us based there.

      • Susannah Haan commented  ·   ·  Flag as inappropriate

        Commercial organisations in Canada are also recognised - see http://ec.europa.eu/justice/data-protection/international-transfers/adequacy/index_en.htm
        However, EU data protection law is changing from 2018, so we would need reassurance that Wild Apricot would be in conformity when the legislation comes into force. We have already had some corporate sponsors asking for personal data not to be transferred outside the EU in order to avoid any problems with the legislation.

      • Will commented  ·   ·  Flag as inappropriate

        Im surprised there are so few comments on this.
        Wild Apricot stated that: "we do not have much control over which country exactly the servers are ultimately located" so it has terrified most of my board members.

      Feedback and Knowledge Base