Privacy Shield 2.0

Considerable doubts

Privacy Shield

States - despite standard contractual clauses that have since been introduced. The Trans-Atlantic Data Privacy Framework announced on March 25, 2022, is intended to restore legal certainty. Whether it will succeed, however, is highly doubtful.

Companies that transfer data to the US or use IT services that transfer personal data to companies based in the U.S. have been taking an enormous risk since the so-called Schrems II ruling. According to the prevailing opinion, the required level of data protection cannot be guaranteed by standard data protection clauses or binding internal data protection guidelines. The use of cloud services in particular is risky. This is because, in the opinion of the European Data Protection Committee (EDSA), there is currently no permissible way for data to be transferred to the US in cloud computing.

But does the planned "Privacy Shield 2.0" really create legal certainty?

Prof. Dr. Dirk Heckmann, holder of the Chair of Law and Security of Digitalization at the Technical University of Munich, addresses this question in his brief opinion on data transfers to the US, which continue to pose risks. Read in it:

  • why there are considerable doubts about the "Privacy Shield 2.0
  • what influence the future design of US data protection law will have
  • what role the US Foreign Intelligence Surveillance Act (FISA) plays in this.

Legal certainty is ultimately only possible with a technical solution in which sensitive data is decoupled from the work processes and service offerings of non-European cloud providers. In this way, the data can be stored in a self-determined manner at any location - on the company's own server, for example, or with a European cloud provider. The advantage: The collaboration and cloud services from Microsoft & Co remain in use as usual - but the company itself retains control over the data. With our R&S®Trusted Gate solution for Microsoft® Teams and SharePoint Online, this is exactly what is possible. By gaining data sovereignty, European companies can comply with the GDPR worldwide without legal uncertainties.

(download is only available in German)

Related topic content

Webinar-Aufzeichnung - Ausweg aus dem "Cloud-Dilemma"

Webinar: Ausweg aus dem "Cloud-Dilemma" (German)

Legal Opinion: Privacy-compliant use of cloud solutions

Legal Opinion: Privacy-compliant use of cloud solutions

Download now