CS Nov-Dec 2020
Data privacy

BEYOND THE EU-US PRIVACY SHIELD: WHAT'S NEXT FOR EUROPEAN ENTERPRISES?

A NEW RULING HAS SHAKEN UP HOW THE EU AND U.S. REGARD DATA PROTECTION AND DATA PRIVACY

The European Court of Justice (ECJ) judgment invalidating the EU-US Privacy Shield has caused uncertainty for many enterprises and presented them with challenges on how to handle private data. In the long term, this ruling offers European enterprises valuable chances for reassessing data-driven business models and re-imagining them in a way that is compliant with the required protections of personal data. Things may not be so simple for US enterprises seeking trade in Europe.

As with its predecessor, the Safe Harbour Privacy Principles, overturned in 2015, the EU-US Privacy Shield determined that transferred data in the United States was not sufficiently protected under the current EU law (GDPR) demands. Standard Contractual Clauses, which constitute the foundation on which many enterprises transfer data to the USA, continue to be valid. If, however, it turns out that, despite these clauses, data protection in the United States (in real and concrete cases) does not take place, this last remaining legal basis will undoubtedly be invalidated as well.

Private digital data is increasingly valuable and is a highly sought-after resource - 'the new gold'. There are different motives when it comes to processing and using data, namely:

For more effective monitoring and control of an entire population
For the pursuit of one's own geopolitical interests
For the benefit of specific economic interests
With focus on data protection and the rights of individuals.

Cloud computing and the networking of a wide variety of systems mean many European companies send data streams to the United States, where the international market leaders, the so-called 'big players', are based. The ECJ's ruling means there are many enterprises that are compelled to act now.

We asked Cryptshare CEO Mark Forrest to offer his thoughts on what has transpired:

What are the key takeaways from this ruling?

Mark Forrest: This ruling did not take place in a vacuum. We are looking at 20 years of legislation: From the Safe Harbour Privacy Principles to the EU-US Privacy Shield, the practice of self-certification had enabled companies to tick a box and say, "Yes, we comply". They did not have to prove their compliance, rather their non-compliance had to be proven. This practice has now been ruled invalid.

European legislation demands that privacy requires specific top priority guidelines. In the United States, other factors are in the foreground: National security takes precedence over data protection concerns, meaning privacy gets put aside, or is diminished as a consideration. With this ruling, there are penalties in place that can be large for companies that breach the EU requirements and the case against Facebook

computing security Nov/Dec 2020 @CSMagAndAwards www.computingsecurity.co.uk