New legal opinion shows way out of the cloud dilemma

In a new legal opinion, Prof. Dr. Heckmann from the Technical University of Munich analyzes the Schrems II ruling, its implications for the use of public cloud services and the extent to which the cloud security solution R&S®Trusted Gate by IT security expert Rohde & Schwarz Cybersecurity represents a way out of the current cloud dilemma.

On July 16, 2020, the European Court of Justice declared the Privacy Shield data protection agreement invalid. The decision makes clear that European data held by US providers is not safe from access by American authorities, either in the US or in Europe. In a new legal opinion, Prof. Dr. Heckmann, holder of the Chair for Law and Security of Digitalization at the Technical University of Munich, explains what the general principles of data transfer to third countries consist of, what the previous legal bases for data transfer to the USA were until the Schrems II ruling, and how R&S Trusted Gate represents a privacy-compliant way out of the cloud dilemma for public authorities and companies.

Uncertainty due to Schrems II ruling

In increasingly digitalized, networked and automated work environments, cloud computing plays a central role. Companies and public authorities predominantly use applications and services from US providers such as Microsoft, Google or Amazon for their cloud computing needs, as these are convincing with high functionality and scalability. The Schrems II ruling has left many users uncertain about the extent to which the use of such cloud services is still possible under data protection law.

In the opinion of the European Data Protection Board (EDPB), there is currently no permissible way in cloud computing for data to be transferred to the US. However, the EDPB does not rule out the possibility "that future technical developments could make measures possible that fulfill the intended business purposes without requiring access to the unencrypted data."

Secure data exchange through multi-level system

According to the legal opinion, the cloud security solution R&S Trusted Gate offers such a technical innovation. The special feature of this solution lies in the secure design of a multi-level system: according to this, the (personal) contents of the encryption level are separated from the cloud services on the business level. In this way, the benefits of external cloud services can be enjoyed without transferring personal data to an "insecure third country". Companies and public authorities retain data governance and comply with GDPR requirements.

R&S Trusted Gate can be seamlessly integrated into storage systems of popular public clouds such as Microsoft Azure, Google, AWS and collaboration tools such as Microsoft 365 or SharePoint, and legal requirements and compliance rules can be easily implemented even in global cloud environments. The solution runs transparently in existing applications so that workflows remain unchanged. A special search function enables a secure full-text search even in encrypted documents. In addition, important functions such as document versioning continue to work without restrictions.

About the author

Prof. Dr. Dirk Heckmann holds the Chair of Law and Security of Digitalization at the Technical University of Munich. His legal opinion, which is made available here, clarifies many important questions regarding the use of cloud solutions such as Microsoft 365 or Microsoft Teams in compliance with data protection requirements and also shows a clear way out of the "cloud dilemma" that has arisen following the Schrems II ruling of the European Court of Justice on the subject of data protection.






我同意,在网站Imprint中提到的Rohde & Schwarz GmbH & Co. KG和罗德与施瓦茨实体及分支机构 可出于营销和广告之目的(例如提供特价优惠和折扣促销信息)而通过选定渠道(电子邮件或邮政信件)与我联系并提供相关信息,包括但不限于测试与测量、安全通信、监测与网络测试、广播电视与媒体以及网络安全领域的产品和解决方案相关信息


您可以随时发送电子邮件至 撤销此同意声明,邮件主题注明“Unsubscribe”即可。此外,我们发送给您的每一封电子邮件中都含有电子邮件取消订阅链接。有关个人数据使用和撤销程序的详情,请参阅“隐私声明”

An error is occurred, please try it again later.