Today’s announcement of a ‘revamped Privacy Shield’ data transfer agreement between the EU and the U.S. has been long awaited. Whilst the finer details are yet to be announced, it marks progress in addressing the uncertainty created by the Schrems II ruling back in July 2020.
Schrems II was a major milestone for international data protection and privacy, but it put mounting legal pressure on organisations who operated, or wished to operate, in the global market, and it limited data sharing practices between the EU and the U.S.
As an interim measure in November 2020, the European Data Protection Board (EDPB – the body that oversees the national privacy regulators in each of the EU member states – adopted guidance that clarified end-to-end encryption as an effective measure to enable both cloud adoption and data sovereignty requirements when transferring personal data outside the EU.
Regardless of the final outcome of the new privacy shield agreement, there are still likely to be concerns from individuals and organisations about how data that originates from the EU is handled and subject to U.S. surveillance practices. It is expected that the resolution will lean on technology, perhaps furthering the EDPB guidance on encryption, but organisations shouldn’t wait: Data is the lifeblood of an organisation and needs to be shared to foster collaboration, innovation and growth. By applying policy controls that follow data wherever it goes, across any geography, organisations can lawfully participate in the global economy, without ever sacrificing the control and ownership of their data.
Virtru helps thousands of global organisations safeguard their data and maintain full data sovereignty and control. To learn more about how you can apply our Zero Trust encryption to your organisation’s sensitive data, contact our team today.