Twilio Expands Information Safety Choices for EU Clients in Gentle of Latest Ruling on Schrems II
First published on the Twilio blog on February 25, 2021. Visit the original post here.
The transfer of personal data from the EU to the USA and other third countries has long been a problem for data protection-conscious EU customers and EU data protection authorities. On July 16, 2020, these concerns came to the fore again when the Court of Justice of the European Union (ECJ) ruled on Schrems II. Although Twilio has already taken important steps to ensure that the data we process is adequately protected wherever we process it in the world (including, but not limited to, our binding company rules and the publication of semi-annual transparency reports), we know they are Decision raises important questions about the impact it can have on your business.
We are pleased to share the following details with you on how Twilio is taking further steps to give customers better control over the transfer of personal data, and we are committed to providing quarterly updates.
As regions like Europe continue to lead the way in developing comprehensive data protection and data protection regulations, we continue to expect that similar data protection and data protection regulations will soon become more common worldwide. The decisions of the ECJ only accelerated Twilio’s work. Our teams are actively working on a comprehensive regional strategy that will expand our global infrastructure to EU data centers and update internal processes to further mitigate ECJ concerns about cross-border data flows and other constraints customers may face on the transfer of personal data from the EU.
This will be an iterative process, but there are three core efforts that are actively underway:
- We enable you to save personal data of EU users in the European Union.
Twilio customers have control over where their data is physically stored, so they can keep EU personal data entirely within the EU region, both at rest and during transport.
- We are implementing additional security controls that prevent Twilio employees from accessing EU personal data without proper authorization.
Non-EU Twilio employees cannot access EU personal data without the express permission of an EU institution. This includes implementing controls to ensure that only pseudonymized data is transmitted to Twilio systems in the US and further expanding our corporate access control system to improve control and control over access to EU personal data.
- We are implementing additional legal protections for EU customers who enter into contracts with Twilio.
Twilio will update our contracts to ensure that new EU customers are contracted through our company in the EU by default. On request, we also offer options for current EU customers to conclude contracts through our EU unit.
What we will deliver in 2021
What we aim to deliver this year is a significant step in addressing customer concerns related to cross-border transfers of personal data out of the EU. However, we plan to approach this process gradually.
During the first half of 2021, Twilio will test our regional initial offering, starting with our voice and messaging products. The messaging channels supported under this initial offer are SMS and chat. In the second half of 2021, we intend to enable these channels within our regional Irish unit. We will then continue to work on integrating more Twilio products in 2022.
It’s important to note that our primary focus for our first channel offering in 2021 will be to isolate customers’ end-user data, such as: B. Message Details or Call Detail Recordings and Audio Recordings – data for which we primarily act as a processor under the GDPR. We will continue to work towards regionalizing other non-end-user operational data such as: B. Billing and invoicing, support, regulatory compliance and business analysis information.
We aim to keep you updated
Transparency is at the core of Twilio’s mission to be the world’s most trusted customer communication platform. We aim to provide additional updates quarterly as we continue to aggressively work towards deploying wide regional infrastructure.