Singular Service Unaffected by Privacy Shield Ruling

Last Thursday, the Court of Justice of the European Union (CJEU) issued its decision around the “Schrems II” case, effectively invalidating the EU-US Privacy Shield framework, one of the mechanisms that support transfers of personal data from the EU to the US.

Singular’s Attribution customers are not affected by this ruling; however, we understand that our customers and marketers, in general, may have questions about this decision. Note that if you’re using Singular for Analytics, we encourage you to reach out to your MMP for further details on how they are handling transfers of personal data from a compliance perspective.

The invalidation of Privacy Shield will likely impact thousands of US companies that rely on the framework. Thankfully, we already have a solution in place, “Standard Contract Clauses” (sometimes referred to as “Model Clauses”), to seamlessly continue receiving personal data from the EU despite the Privacy Shield’s invalidation. The CJEU upheld this approach in the Schrems II case.

What is Privacy Shield?

The US-EU Privacy Shield framework, aka Privacy Shield, is a mechanism established in 2016 by the United States government and the European Commission. Companies in the US who want to receive personal data originating in the EU for processing in the United States could voluntarily self-certify under the US-EU Privacy Shield framework and take on higher commitments to privacy to be considered “adequate” by the EU to receive personal data. 

Singular and many other companies who are required to process personal data as part of its services, had certified itself under Privacy Shield.

What is the new ruling?

In Thursday’s judgment, the CJEU invalidated the US-EU Privacy Shield framework as a data transfer mechanism. The court held that given the disproportionate, mass and bulk access that US law enforcement and intelligence agencies have to personal data under US laws, the US-EU Privacy Shield framework does not provide sufficient protection to EU personal data per the GDPR. Therefore, the court’s striking down the US-EU Privacy Shield framework renders the Privacy Shield an invalid mechanism to support cross-border transfers of personal data from the EU to the US. The court’s judgment is effective immediately.

Singular is certified under the now-invalidated Privacy Shield. How can Singular continue to receive EU data lawfully?

Singular uses a solution called “Model Clauses” or “Standard Contract Clauses”, which was upheld by the CJEU in the Schrems II case. According to the Model Clauses solution, Singular’s data processing addendum (DPA) includes special data protection clauses adopted by the EU Commission as a mechanism to legalize cross-border transfers of personal data from the EU to the US. If you’re using our attribution services, you should have a DPA as part of your service agreement that includes the Model Clauses.

Are Model Clauses sufficient to allow cross-border transfers of personal data from the EU to Singular?

Based on the Schrems II case, Singular firmly believes the Model Clauses are sufficient. Under the Model Clauses, Singular is committed to notifying the customer immediately if it has reason to believe that it cannot comply with the Model Clauses due to US law enforcement or intelligence agencies requesting access to the data Singular has. Singular reaffirms this commitment and confirms that we have no reason to believe that we cannot comply with the Model Clauses.

What’s next?

The privacy landscape is ever-evolving – recently at higher speeds than ever before. Our security and privacy philosophy, as reflected recently with our response to IDFA changes in iOS 14 and SKAdNetwork, has always opted for a more strict approach, with a multitude of solutions for our customers. This philosophy translates to significant investments we are making by introducing more robust mechanisms to go beyond what’s minimally required by the standard compliance. Additionally, it means that we look at regulations such as GDPR and CCPA, and at standards such as COPPA with a more critical eye than otherwise required.

We continue to stay committed to ensuring your data on our platform remains protected and private.

Evaluating the true impact of web-to-app conversions

In this first article in a series on cross-device attribution, we describe why marketers should leverage the web as a meaningful acquisition channel, even with app-only products.


Traditionally, mobile attribution providers have outright avoided the web. Or, they’ve offered limited solutions built with problematic assumptions and mobile-centric design that lack the technical depth to properly address the web as a meaningful acquisition platform—even for entirely mobile apps.

This is changing. As advertisers get smarter, tools get smarter, and vendors are looking to expand and provide better solutions as they continue to compete with each other in the busy SaaS MarTech space.

Interestingly enough, while the above is clearly relevant for products that contain both mobile and web—whether it’s mobile web or desktop—it’s also becoming more relevant for “pure” mobile apps that aim to acquire users through mobile search, web-based registration flows, and other web-focused acquisition strategies.

Why web?

Almost all user acquisition teams today end up running campaigns on the web. For products that support both mobile and web, running web ads that lead to your web-based product typically yield higher conversion rates, which then provide easier paths for having users download your app. However, even app-only products end up having ads showing on mobile web inventory, with links typically leading to app stores. This leads to poor conversion rates.

However, arguably the biggest missed opportunity by not running paid ads or other types of web campaigns is Search. Search is a great way for people to find your app or website. And, the ability to optimize your acquisition by understanding how different campaigns, keywords, and content work is vital to maximizing your budget.

Sadly, most mobile attribution providers are as their name suggests—focused on mobile. Solutions are very limited and lack the technical depth to support the variety of user flows between web and mobile.

Web-to-app tracking: just one use web/mobile case

Web-to-app tracking is a great use case to start with, as we begin to unfold the variety of user journeys between web and mobile. The term commonly refers to the situation where someone visits a web page while using their mobile device.

Perhaps this web page is the full-blown product. It could also be a simple landing page. In both cases, users see a link to install the app. Most often, this appears as a banner at the top or bottom of the page.

cross device attribution

In most cases, marketers would rather let the user
convert first, for example by making a purchase of the product they originally searched for. This would intuitively increase the chances of a user wanting to download a new app. In some cases such as mobile gaming, the user’s intent is higher (they’ve reached this page after their search), and direct download may be ok.

The first scenario of a user converting on the web requires the attribution provider to support web attribution. We’ll get back to this later. 

Let’s focus on the second use case, where the user came in from Search or from a web ad, to then click a link and download the game. The important question we ask ourselves as marketers here is what do I know about this user? Which campaigns did they come from? Which ad groups or ad sets, and how much did I pay for them? What are the keywords that work better for me, and what terms result in higher click-through rates?

All of these questions are what a capable attribution provider should answer.

When tracking web-to-app conversions, the ideal report is one that allows you to focus on a specific channel, dive into each and every campaign, and understand what the campaign is yielding in terms of app installs, post-install conversions, and eCPI and eCPA for different components within the campaign or the campaign as a whole. This allows us to compare it to other paid campaigns and activities. 

There are even more fundamental questions such as:

  • How should I create the right links?
  • What UTM parameters should I use and how?
  • Can I link a UTM parameter to an app install? 

Unfortunately, traditional tools today lose this context and as a result, reporting options are either not showing any context previous to the web page visit, or a very limited one.

Fortunately, the solution needed to solve the problem isn’t that complex. But it does require an understanding of both web tracking—how partners work and what UTM parameters should contain—and mobile. And, most importantly, how to tie the two together.

What’s next?

In the following articles we’ll dive deeper into the mechanics of how web-to-app tracking works, as well as continue to more advanced topics such as web tracking and the Holy Grail—cross-device attribution.

cross device attribution

If you’d like to learn more about Singular’s web-to-app and cross-device capabilities, please reach out to
schedule a demo.