CS Nov-Dec 2020
You also want an ePaper? Increase the reach of your titles
YUMPU automatically turns print PDFs into web optimized ePapers that Google loves.
Data privacy<br />
today's legal reality.<br />
has been re-opened.<br />
The US has a strong national agenda; their<br />
economic interests and national security<br />
concerns don't necessarily align with EU data<br />
protection laws. The question now is how the<br />
US will respond. Will US companies be fined<br />
for violations of GDPR or could US intelligence<br />
agencies be restricted in their access to the<br />
personal data of European citizens? We<br />
should expect some debate; with national<br />
security, it is a two-way street. Data-driven<br />
business with high economic value is more<br />
biased to US interests.<br />
What are the implications for European<br />
enterprises?<br />
MF: Many will look at this and think, "There is<br />
nothing we can do". Most use tools provided<br />
by third parties from outside the enterprise<br />
and there is a high dependency on external<br />
contractors. In today's world, there is no going<br />
back from using office tools, databases,<br />
analytics tool, integrations…it is not only<br />
cloud service providers offering these, and the<br />
biggest players are in the US; in Europe, we<br />
have fewer data-driven businesses, and many<br />
promising EU based technologies and startups<br />
have been acquired in their infancy.<br />
If you remove those tools because US<br />
companies don't meet the required standards<br />
of GDPR, many EU companies can't function<br />
well. European enterprises are required to<br />
comply with all data protection laws, so they<br />
must identify any areas where they don't and<br />
take action. If they fail to do so, they risk<br />
getting dragged into a maelstrom of fines.<br />
The potential financial consequences of this<br />
ruling are huge.<br />
What can enterprises do, in concrete terms?<br />
MF: This ECJ ruling was effective immediately.<br />
So, it is important for enterprises to act now<br />
and mitigate the potential risks. European<br />
companies operating mainly in Europe already<br />
have a high standard to meet, namely the<br />
GDPR; they run into trouble when they<br />
employ the services of companies that don't<br />
comply. European enterprises need to divert<br />
the risks that suppliers can cause for them and<br />
require their compliance with any applicable<br />
EU data protection laws. Eventually, there will<br />
be a new agreement increasing the pressure<br />
on the US to change priority, but until then<br />
businesses must ensure their compliance with<br />
How has Cryptshare reacted to this?<br />
MF: Enterprises must comply the way they<br />
needed to before. For European companies<br />
operating in Europe, we already have a high<br />
standard, which we help companies to meet.<br />
Data is one of today's most valuable assets;<br />
entire business models are built on it.<br />
Therefore, it greatly matters where this data<br />
goes and what happens to it, once it is there.<br />
Enterprises need a product like Cryptshare to<br />
protect their data in transit, and make sure it<br />
remains safe between senders and its<br />
intended recipient, not falling victim to<br />
predators that include data-driven businesses,<br />
bad actors and governments both legitimate<br />
and malign. That is the essence of the ECJ<br />
ruling.<br />
Where can transatlantic data privacy<br />
agreements go from here?<br />
MF: Action is required from all parties;<br />
politicians must draft a new agreement<br />
between the EU and the USA that constitutes<br />
a sustainable and resilient basis for all future<br />
data transfers to the USA, and this must be<br />
done quickly. In order to stand up to the<br />
scrutiny of the ECJ, any agreement must<br />
ultimately meet the data protection<br />
requirements that EU standards demand.<br />
In the United States, other factors are clearly<br />
given priority, namely their economic interests<br />
and their intelligence agencies' wide-reaching<br />
powers to access personal data, regardless of<br />
its origin or location. They have so far shown<br />
little willingness to make concessions to<br />
European data protection laws, should they<br />
come at the expense of their national<br />
interests. It currently seems that it will be up<br />
to Europe to make its own demands for data<br />
protection and data privacy a reality, as the US<br />
seems unwilling to concede ground.<br />
To find out how enterprises can exchange<br />
sensitive messages and files in a secure,<br />
traceable and compliant way, go to:<br />
https://bit.ly/3mU8is1<br />
www.computingsecurity.co.uk @<strong>CS</strong>MagAndAwards <strong>Nov</strong>/<strong>Dec</strong> <strong>2020</strong> computing security<br />
21