Many write about the US and the European Commission finally agreeing on a new agreement for managing data privacy. in US clouds. This is not the case. Most people who speak out on this issue have vested interests, including us at Storegate. What we all have in common is that we want clear guidelines on what applies. But the new announcement is nothing new. It is still not OK to store or share sensitive information (e.g. personal data) in US clouds (even if they store the information in Sweden). What has been agreed is to try to find a solution and whatever one's position on this issue, there are some things that are important to understand regarding the implementation and sustainability of such an eventual agreement.
Difficulties with agreement on US clouds
- The EU is calling for a new US law to provide guarantees, which can only be achieved through an act of Congress and it is considered very difficult to pass a law limiting the scope of US surveillance at this time.
- Instead, the proposal is based on an executive order from the President of the United States. Such an order should be seen as "temporary" because a new President can change such an order at any time. That this should be enough to satisfy the European Court of Justice is unlikely and will most likely be rejected by the European Parliament and the EDPB.
In addition, recent decisions have been taken that go directly against what is now being discussed
- The US Supreme Court has just made a privacy agreement between the US and the EU even more difficult (21 March 2022)
- CNIL decides that data transfer from the EU and the US to Google Analytics is illegal and orders the controller to comply with the GDPR (10 February 2022)
Complement with a Swedish cloud service
And now for our own self-interest... Many people are talking about finding an alternative solution to the IT platform that the agency or company currently uses. It usually doesn't take that much action. You can easily complement your current platform (which may include US clouds) with Storegate's blue cloud to store, share and collaborate with sensitive information under GDPR and with protection against foreign laws.