A Privacy Shield Update from the Userlike Team

The European Court of Justice recently declared the Privacy Shield, the data protection agreement between the EU and the USA, invalid. I’ve seen plenty of comments from (mostly American) software solutions claiming that they’re still GDPR compliant.

I think such claims lack respect towards the public because they’re not founded on truth. The truth is that practically no online business is unaffected by this latest ruling – and especially not American software solutions. I’d like to be transparent and explain you how the ruling affects Userlike.

Data security has been one of our product pillars since starting up, and it’s been one important reason for many companies to choose us. As described on our page on the topic , our setup consists of an extensive set of data privacy features and a secured server setup with encrypted hosting in German data centers.

Many of our customers are, however, operating on a global scale. To ensure that Userlike works smoothly wherever you are, we rely on Amazon’s Web Services (AWS) for technical data delivery. In this process, Amazon AWS receives the end user’s IP address, which is automatically deleted after 24 hours. Amazon is one of the 5000+ companies that has been affected by the end of the Privacy Shield – and consequently, we have been affected as well.

If you imagine the internet like a massive network of roads, then all the main highways are owned by American companies (e.g. Amazon, Google, Apple). Blocking off those critical highways is not a sustainable option.

Either (A) a new agreement is made, (B) new highways are built, or (C) the existing highways are adjusted. Until one of the options materializes, we’re all in the same boat sailing through no man’s land.

We are currently exploring the possibilities of option C with our affected sub-contractors, and we are seeing some hopeful signs. We will be sure to update you as soon as there is progress there.


Timoor Taufig