Segment’s data residency solutions can help companies easily route events to regional infrastructure with Regional Data Ingestion and Regional Data Storage, now in public beta globally.
At Segment, we believe companies should use data privacy as a differentiator to stay ahead in their industry, and to respect their customers. In fact, 90% of consumers believe the way their data is treated reflects how they are treated as a customer. Now, companies have an opportunity to lead in a new area of data privacy: Data Residency.
Data Residency refers to the physical or geographical location of data. Data residency is typically driven by regulations that require the personal data of citizens in a certain country or region to be collected, processed, or stored in that location.
For citizens of the European Union, the protection of personal data is governed by the General Data Protection Regulation. GDPR holds companies accountable for the way they collect and use personal data about EU citizens, such as email addresses or phone numbers. In 2020 a ruling of the Court of Justice of the European Union (CJEU), referred to as Schrems II, impacted the GDPR compliance requirements of US companies processing EU citizen data.
Prior to Schrems II, thousands of companies relied on the EU-U.S. Privacy Shield Framework to conduct trans-Atlantic trade in compliance with EU data protection rules. However, the most common method of transfer for most companies was to either rely on the “Privacy Shield” (a specific agreement between the EU and the US to govern TransAtlantic data transfers) or to enter into the Standard Contractual Clauses (SCC).
Many companies operated on this basis until July 2020 when the Schrems II ruling invalidated the Privacy Shield as a mechanism for transferring personal data between the EU and the US. In the same ruling, SCC’s were confirmed to remain in force, subject to certain safeguards.
Then, in November 2020 recommendations came out by the European Data Protection Board that advised companies how to further interpret the Schrems ruling. These recommendations raised the bar even higher in terms of being able to rely on the SCC’s as a valid method of transferring EU personal data to the US.
This rapidly changing regulatory environment has put data residency top of mind for many of Segment’s customers. Today we are excited to share how Segment is building localized architecture that can help our customers lead on data residency in the EU and around the world.
Customer data, protected
Segment has long believed that good data etiquette is an essential business practice. As a result we have a history of responding proactively to data privacy legislation. When GDPR was passed, Segment delivered a solution to help our customers on their path to GDPR compliance 6 months before the law went into effect. We had a similar proactive response to the California Consumer Privacy Act, providing guidance and solutions for our customers months before the law went into effect.
Segment takes data privacy very seriously and we are doing the same with Schrems II. When companies think about their response to the Schrems decision they need to consider how their customer’s personal data is stored, processed, and accessed. Customer data spends 99.99% of its life “at rest” in storage, to reduce long-term US data storage companies may consider regional storage solutions. The second factor is where data is processed, this consists of data ingestion and computation. Third is data access which covers who in the organization can access data.
Segment’s data residency roadmap includes local data storage, processing, and access. These capabilities are being released as a series of milestones to help companies store and process EU personal data in-region. We will deliver a localized product for Connections and Protocols, and a solution for Personas, by January 2022.
Today, we are proud to share that Segment can help companies reduce long-term data exposure and easily route events to regional infrastructure with Regional Data Ingestion and Regional Data Storage, both in public beta globally.
Milestone 1 - Regional Data Ingestion
Segment’s Connections product now offers the ability to ingest data at local endpoints ensuring that the first step in processing data will take place in a customer's preferred region. Regional data ingestion is offered in Europe and APAC, with more regions available upon request.
Milestone 2 - Regional Data Storage
Segment customers can now provide their own S3 buckets for archive storage of Connections data. When data is ready to be archived, it can be stored in Europe, or any supported AWS region across the globe.
Your data residency journey
Wherever you’re at in your efforts to keep up with evolving data regulations, we’re here to help. Segment is committed to helping companies practice good data etiquette and navigate new regulations. At Segment, good data not only means high-quality, complete, and actionable data, it also means practicing good data etiquette with the personal data of your customers around the world.
Moving forward, we will continue to update you on our data residency roadmap and on new regulations that may impact your business.
Want to learn more about Segment’s data residency roadmap and about how your approach to customer identity can become a competitive differentiator for your company? Join IDC analyst Gerry Murray and the Segment team for a webinar and roadmap presentation on Thursday May 6th 2021 at 11:00am ET/8:00am PT.