The Inner Circle

Privacy Shield Invalidated

  • 1.  Privacy Shield Invalidated

    Posted 7 days ago
    Edited by John Yeoh 6 days ago
    Last week, CSA held an Ask the Expert session for Corporate Members on the EU Court of Justice decision to invalidate Privacy Shield. What questions and uncertainties are you facing with this latest decision?

    Experts Francoise Gilbert and Paolo Balboni shared insights on what it means for organizations moving data outside of the EU and what actions can be done immediately.

    • Start with an assessment of your data and work flows
    • Identify the legal basis of data transfers
    • Update references to Privacy Shield
    • Continue to monitor the discussions of supervisory authorities in Europe
    Understand how these bullet points impact you as a data processor or controller. Data flows and inventory are paramount to ensure privacy mechanisms are in place. Contact your suppliers, subcontractors, and processors that are involved. There is still much to learn about the Standard Contractual Clauses (SCC) that were upheld. For more info, read Francoise and Paolo's blogs:

    Francoise Gilbert: EU Court of Justice Decision - Privacy Shield Invalidated...
    https://cloudsecurityalliance.org/blog/2020/07/16/eu-court-of-justice-decision-privacy-shield-invalidated/

    Paolo Balboni: Privacy Shield is Invalid... Part 1
    https://www.paolobalboni.eu/index.php/2020/07/23/privacy-shield-is-invalid-heres-what-you-need-to-do-now-a-new-age-of-data-transfers-part-i/

    Join the next Privacy Level Agreement Working Group call on August 4th to dig further into privacy that impacts your organization.
    https://circle.cloudsecurityalliance.org/events/event-description?CalendarEventKey=d6bf689c-5cc9-4abc-a160-8eed874ea9f6&CommunityKey=5a10495b-816b-472b-8130-ecfd663b3934&Home=%2fcommunity-home1