With the legal basis for transferring personal data from the EU to the U.S. gone after the ECJ's Privacy Shield ruling, organizations have only a few options to ensure GDPR compliance.

We’re in the aftermath of the ruling by the European Court of Justice (ECJ) to pull the adequacy decision of the European Commission with respect to the EU-U.S. Privacy Shield agreement. Many companies and organizations across Europe now ponder their options for handling customer data.

The ruling means there is now no legal basis for transferring personal data from the EU to the U.S., including public cloud data centers based in Europe but run by U.S. tech firms. For breaking EU privacy rules, there are fines in the magnitude of up to 20 million euro or 4 percent of worldwide revenue per year.

The European Commission and its U.S. counterparts are already said to be negotiating a future framework for data transfers to replace Privacy Shield. But still, this probably won’t satisfy the ECJ because the US government won’t give up comprehensive access provisions for its national security services anytime soon.

Even the Irish data privacy watchdog, usually friendliest among EU regulators towards US tech giants, has issued Facebook with an order to stop transferring user data from the EU to the US.

So, what are the options after Privacy Shield?

For organizations that work with user data in clouds located in the US or run by US companies, neither inaction nor blind activism is in order.

Organizations could try to deny US government agencies access to data by encrypting it heavily before exporting it. This isn’t easy, can mostly not be implemented overnight and is not 100 percent reliable. Such strategies should be cleared with the local data protection agencies first.

Another way is to get the explicit approval of each and every EU user for transferring their personal data to a server that can be accessed by US government agencies. It isn’t particularly straightforward to phrase those kinds of agreements in such a way that they are legally secure, but with a small and trusting customer base this might work.

Organizations that seek to avoid any risk end up with only one option: Processing the data of their EU users outside the reach of US tech firms. This can also mean outside the EU, in countries that provide adeqacy to the EU data privacy framework. This means the protection level in the destination country must match the protection level inside the EU.

Bottom line, organizations should carefully examine their internal and external shortcomings regarding their EU customers user data. They should then make two plans, one short term and one long-term. The long-term one should include hosting and processing all of the relevant data in a digital sovereign way inside the EU.


septiembre 28, 2020

Ready to see what’s next?

Having trouble viewing or submitting this form?

Contact Us

We care about protecting your data. Here’s our Privacy Policy .

Read now:

Data sovereignty, data protection and the future of open source

Data sovereignty, data protection and the future of open source

Data sovereignty is currently one of the most discussed digital policy issues. Tobias Gerlinger, CEO, 玩嘉电竞下载注册, discusses in detail the growing importance of data sovereignty, measures that companies can implement to protect intellectual property, open source alternatives, the future of open source ecosystems in the European economy, and more.

leer más
Infinite Scale Spaces: A Quantum Leap for Enterprise Collaboration

Infinite Scale Spaces: A Quantum Leap for Enterprise Collaboration

Senior Product Manager Patrick Maier explains how Spaces comes as nothing less than a revolutionary new way of collaboration in modern companies, institutions or organizations. As an elementary feature of 玩嘉电竞下载注册 Infinite Scale, the new cloud-native platform from 玩嘉电竞下载注册, Spaces boost collaboration, save money and significantly reduce administrative overhead while improving compliance, control and security.

leer más
英雄联盟竞猜数据直播正规 英雄联盟竞猜查询决赛 英雄联盟竞猜数据抽注 英雄联盟竞猜入口手机版 大圣电竞(重庆)投注排名 VG电子比分手机版电脑版