8 Jun 2022 • Rédigé par Simon Dawlat
We founded Batch in 2015, right in the midst of Edward Snowden’s revelations which exposed the first global mass surveillance programs.
In 2016, we started hearing about the upcoming European GDPR regulation, which was eventually implemented in May 2018 and changed our industry forever.
Then, in 2020, when everyone thought things were going to settle a bit, the European Union handed down a major ruling by invalidating the Privacy Shield which used to regulate data transfers between the US and the EU.
It’s been a tough decade for organizations wanting to truly put their user’s privacy and security first.
At Batch, we hold a unique position in the world of Customer Engagement & Push Notifications platforms thanks to 2 strong differentiators that let us support forward-looking organizations across Europe and beyond:
Being the only EU-based platform of our kind makes us impervious to extraterritorial privacy-abusing laws such as the US’s CLOUD Act and others ;
Having chosen the hard way to host our client's data on private hardware lets us ensure data localization in Europe at all times, amongst many other unfair advantages.
First, let’s debunk a myth.
There are no US vendors, even those running "european instances" of any kind of public cloud, that are able to guarantee true data integrity and surveillance programs imperviousness to European organizations.
Because it’s never been about where the data is being stored but about where the legal entity is incorporated since laws like the CLOUD Act are by nature extraterritorial.
Hence, a US vendor could store data anywhere in the world « locally » (on those "european instances" for example) and they could still be subpoenaed back home and no one would ever know that they had handed over the data, regardless of wherever in the world it was collected and/or stored.
Hence, organizations that take data privacy really seriously have no choice:
They must work with EU-based vendors,
They must ensure those vendors themselves work with EU-based hosting providers.
And this is precisely what what we offer:
Batch, which is fully owned by iMediapp SA, is proudly incorporated in Paris, France. (We are not a subsidiary.)
We work exclusively with two EU-based publicly-traded hosting providers: OVHcloud and Scaleway.
And that’s not all.
At Batch, we’ve made the tough choice to use private hardware exclusively to host our client's data, not public clouds, as part of our global privacy by design initiatives.
This is what the industry calls bare-metal servers.
Simply put, it means we host our client’s data on dedicated machines (that we do not share with anybody else and can tweak entirely) and that we know where the data is stored at all times.
There are some caveats to doing this.
The main one being that it truly is the hard way, in an era where infinitely scalable platforms such as Amazon AWS or GCP (Google Cloud Platform) lets you scale to hundreds of millions in just one click.
But there are many unfair advantages too:
The GDPR itself doesn’t specify any incorporation and/or data localization requirements, but this article could hardly exist without a reminder of Batch’s approach to GDPR compliance.
In fact, companies across Europe increasingly require that their data be stored locally as part of their GDPR requirements.
These are usually:
Most of them now turn to Batch for their customer engagement and push notification needs.
At Batch, we approach GDPR compliance from 4 angles:
The complete list of tools, methods & best practices we make available for our clients to comply with the GDPR can be accessed on this page.
Fresh news on modern CRM in your inbox !