NationBuilder Privacy Blog

Oct 16 2015

As many of our European customers are aware, the US-EU Safe Harbor Framework was declared invalid last week by the Court of Justice of the European Union. In a formal statement released earlier today, the Article 29 Working Party called for a 3-month period of analysis to determine the impact of the CJEU’s judgment.  The Working Party called on US and EU regulators to use the “grace period” to work out a new Safe Harbor deal acceptable to all parties.

This means our EU customers can continue to use NationBuilder. And we are as committed as ever to continued service for our EU customers. We will continue to work with our data sub-processors to put the EU Model Clause agreements in place, and begin to sign Model Clause agreements with our customers as soon as possible. We are also continuing to evaluate long term solutions, such as placing servers and employees in the EU, in case of continued regulatory strife between the United States and European Union.

Oct 7 2015

At NationBuilder, we are fiercely committed to customer success, and customer privacy is an integral part of our commitment. On October 6th, 2015, the European Court of Justice struck down the US-EU Safe Harbor Framework, which supported data transfer from the EU to the United States. Due to the ruling, NationBuilder will soon be offering European customers a data processing agreement that includes the European Commission’s standard contractual clauses. This agreement ensures that our customers can continue to use NationBuilder services and maintain compliance with the law.

Can I still use NationBuilder in the EU?

Yes, absolutely. To ensure that our customers can continue to use NationBuilder, we are providing a data processing agreement that facilitates the transfer of Personal Information from Europe to the U.S. under EU Data Protection Laws. NationBuilder customers in the European Union will immediately be able to execute this data processing agreement, which has been pre-signed by NationBuilder. The data processing agreement includes the European Commission’s standard contractual clauses, known as the “model clauses.” The data processing agreement will apply so long as there is not another legal basis for transfer of data from the EU the U.S.

How does NationBuilder comply with EU Privacy Laws?

Privacy and control over data are essential for our customers and for NationBuilder. In addition to the data processing agreement mentioned above, we give our customers complete control over their database, including the flexibility to add, modify, and delete data as they see fit. We ensure that customer data is kept private through the use of “Strong Encryption” (either AES256 or TSL 1.2) on each customer database. NationBuilder maintains a security policy that incorporates technical, administrative, and physical security measures to ensure that customer data remains private and secure.

What happened to the US-EU Safe Harbor Framework?

The European Court of Justice determined that the US-EU Safe Harbor Framework was not sufficient to protect the privacy rights of citizens living in the European Union. The court then declared the US-EU Safe Harbor Framework invalid. For more information, please see the press release from the Court of Justice.

What is the US-EU Safe Harbor Framework?

The US-EU Safe Harbor Framework facilitated the collection, use, and retention of personal data from the EU by U.S. based companies that certified compliance with the Safe Harbor principles. The Safe Harbor Framework was established in 2000 by the U.S. Department of Commerce and the European Commission. You can find more information about the US-EU Safe Harbor principles at the U.S. Department of Commerce’s website.

How can NationBuilder customers execute a data processing agreement?

If you're an EU-based customer, you'll soon be able to see and sign a data processing agreement in your nation’s control panel.  In the meantime please email for questions or to receive the agreement to sign.


Share this post