Mailchimp is out, even if…..

I am pretty creative when it comes to taking the GDPR legal stuff and working out how to make it work in practice. No business/organisation should hit a wall of what I call ‘GDPR paralysis’ because of something legal which prevents a business from functioning. Our livelihood depends upon a working economy and a healthy GNP. In fact if we didn’t have this, human rights starts to become problematic, because if we as private people do not have access to jobs we lose something which is the most important word in IMHO, and that is CHOICE.

Whenever I am presented with a stop, i.e. “no can’t do”, it is an opportunity to think new. Schrems II is one such example. I did not see it as a stop on international transfers over to the US. It just meant we needed increase diligence, document all and do those Transfer Impact Assessments (TIA) so we understand risks to the rights and freedoms of the natural person. Identify supplementary measures. We need to be realistic.

However, I must admit that the latest decision on Mailchimp in Germany is a show-stopper. From what I’ve dug out, it is only email addresses used in a mailing campaign which was in scope of the international transfer. Risk to the rights and freedoms of the natural person is zero/negligible. Yet due to indications that Mailchimp may in principle be subject to data access by US intelligence services on the basis of the US legal provision FISA702 (50 U.S.C. § 1881) as a possible so-called Electronic Communications Service Provider and thus the transfer could only be lawful if such additional measures (if possible and sufficient to remediate the problem) were taken. “

My take on this previously was to assess risk to the rights and freedoms of the individual, however, now this approach has been kicked out, ignored. I wonder where is the logic, the balance in this decision? Clearly if Mailchimp was being used to send out marketing communications from a Sex Shop, or from a specialist group around a health condition, I could understand this… but an email address used in a standard non-personal communication?

I am wondering which monkey was behind this decision, or am I missing something?

Leave a Reply

Your email address will not be published.