Europe’s Top Court Strikes Down ‘Safe Harbor’ Data-Transfer Agreement With U.S. | TechCrunch
Does Marketo have a response to this as they are the data processors here? Actually our Legal team is already asking. So tough for us marketers to operate efficiently in a global environment!
Like you, Marketo takes privacy seriously. We treat the data that you collect and use on our platform with the utmost sensitivity and employ strict policies and appropriate protections to help ensure the privacy of that information.
Marketo is responding to the recent invalidation of the Safe Harbor Program by developing an addendum to our services agreement that will incorporate the standard contractual clauses, which is an alternative mechanism for transferring personal data outside the EU in compliance with EU data protection law.
More information on the availability of the addendum will be available soon. Check here for updates: Update from Marketo on the EU-US Safe Harbor Framework
We are a TRUSTe customer and listening to their webinar now on the ruling. For those who are concerned, if you have a legal team in your company and/or an InfoSecurity team, make sure they are involved and have a plan in place on how you will be approaching next steps. At the end of the day the ruling is effective immediately.
That said, it sounds like there is "more information to follow" from the EU governing body regarding this ruling.
With regards to Salesforce:
"Salesforce is immediately making available a data processing addendum that incorporates the European Commission's standard contractual clauses, commonly referred to as 'model clauses'." Source: How worried is Silicon Valley about Safe Harbour? - BBC News
We're in the same boat and have "EU model clauses" in place instead. This is really going to affect those mid-market companies that relied 100% on Safe Harbor.
We were concerned with this prior to signing on with Marketo, and we have two separate instances: one for our North American communications and one for our EMEA communications. We were told that the login and data accessed/used in the EMEA instance was held on EU data centers. I'm hoping we are good to go from that perspective.
Hi Mike,
You are probably safe with regards to data location and compliance with EU laws, but at the cost of productivity. This will impair sharing of best practices and you will carry the risk of getting duplicates that you will never be able to reconcile and merge.
Do you also have 2 separate CRM instances?
-Greg
Yes, we have two separate CRM instances as well. If someone from outside our North American territory fills out a form or is imported, there is a webhook and program that pulls them and then sends the records to our EU instance and then removes them from the original Marketo instance, and vice-versa for the EU to NA.
While that may be the case, the issue still remains: I sit in the US. But need access to all of our lead data across the world - e.g., what if I want to open up a lead record from Germany? Or what if I need to download an Excel file of a smart list that contains leads from many European countries?
Exactly, Dan -- once the data is at rest in the US we may be in violation. Even if it's "just" a report run on the authoritative data, it's just as bad: if it weren't in violation to mirror part of your database in the States, the law would have no meaning.
However, I do wonder about singleton lookups, like looking at a single lead record from the States over the web. That may be an area where we gain some wiggle room.
Hi all,
I would not be surprised if this decision from the EU Court of Justice is just the beginning of a negotiation and that, in the end, they will find an agreement.
But if not, if you look into it, this probably means that vendors, Marketo included, will be asked to provide architecture where data could be split and the admin could decide to host various data sets in various places.
2 possible ways:
In any case, not an easy task...
-Greg
I hope you're right that there will be some adjustments made.
As for your second bullet, though, "easily share info between them" is exactly the problem. The partitioning needs to be true, rather than merely window-dressing.
At least this is what the press is saying here. They think the status quo is impossible.
Another important point is that the EUCJ has not stated any grace period for large internet companies to comply, but the Court decision does not apply as is. Every country has to implement this decision locally, which may take a few weeks, be relayed through local courts, etc...
The whole thing started with the lawsuit of an Austrian lawyer in Ireland 🙂
The only good news is that other vendors will be in the same difficult situation.
@Sanford, what about doing the reverse and asking to have all your data hosted in the EU?
-Greg
For us, such a drastic move would seem beyond consideration. Performance of hosted services is already shoddy enough over international links. And if you turn to a CDN, you are (arguably) allowing PII to be "data at rest" on US shores, reopening the same problem.
And internal databases with international PII are also affected. Moving on-premises databases -- perhaps kept on-premises specifically for security reasons! -- fully to cloud environments in order to have data reside within the EU is a monster of a task. And local caching, or simply a locally saved report, seems like it might violate the new rules.
But nobody knows for sure what'll happen. I'm sure all loopholes will be explored. Maybe it's all RDP from now on!
Hi Sanford,
What does RDP stand for?
-Greg
Remote Desktop Protocol
This is an excellent question. From what I understand, it may impact US companies with EU subsidiaries even more than EU companies, since for the latter, Marketo provides EU-based data centers.
You beat me to the question, Dan! We had a meeting today in which we touched on the decision. Our Compliance and Legal are looking into it but there certainly is no good news upfront.