#23: Schrems 2, Privacy Shield, and data sharing

Adding more complexity to international privacy lawA recent ruling from the Court of Justice of the European Union invalidates the US EU Privacy Shield, which has many implications for data rules around the GDPR. More than 5,000 U.S. companies rely on Privacy Shield to conduct trans-Atlantic trade in compliance with the GDPR. We talk with a team of legal experts to clarify what this means for you and your international business.Comprehensive data protection for European residentsGDPR stands for “General Data Protection Regulation,” which governs how businesses that interact with and collect data of European residents can be managed. It regulates everything from:Why an organization collects dataHow much data organizations should collect when building platformsHow long organizations can store your dataHow organizations handle international transfersWhat happens in cases of misuse of data or privacy breachPrivacy Shield allowed for data flow between the EU and the USUnder the GDPR, for you to transfer the data, there’s a determination of whether a particular country is “adequate” in terms of data protection.Brandi Bennet, one of our guests, helps us define adequacy. “Europe has high standards for data protection: your data protection rights are considered a human right. What adequacy really means is, when they transfer the data to another country, are those country’s laws as good as our laws? Do they treat and protect data as robustly and as strong as we do?”The United States does not meet The EU’s adequacy requirements. The Privacy Shield treaty provides a framework to nonetheless allow for data flow between the EU and the US. With the ruling, we’re no longer legally allowed to use Privacy Shield, which leaves businesses wondering what practical measures can they take to protect their data? Some suggestions from our guests are:Data encryption and minimizationStorage minimizationRisk assessment of your vendorsPseudo-anonymization, where you’re masking the identity of your users behind other identifiersGiving customers access, notice, and choiceYou can read more about international privacy law on the International Association of Privacy Professionals website.Platform.shLearn more about us.Get started with a free trial.Have a question? Get in touch!Platform.sh on social mediaTwitter @platformshTwitter (France): @platformsh_frLinkedIn: Platform.shLinkedIn (France): Platform.shFacebook: Platform.shWatch, listen, subscribe to the Platform.sh Deploy Friday podcast:YouTubeApple PodcastsBuzzsproutPlatform.sh is a robust, reliable hosting platform that gives development teams the tools to build and scale applications efficiently. Whether you run one or one thousand websites, you can focus on creating features and functionality with your favorite tech stack.