Deploy Friday: Your source for everything Open Source

#23: Schrems 2, Privacy Shield, and data sharing

May 20, 2021 Larry Garfield, Platform.sh, Joey Stanford, Platform.sh, Brandi Bennet, Data Privacy Attorney, Caroline McCaffery, Clearops.IO Season 1 Episode 23
Deploy Friday: Your source for everything Open Source
#23: Schrems 2, Privacy Shield, and data sharing
Show Notes

Adding more complexity to international privacy law

A recent ruling from the Court of Justice of the European Union invalidates the US EU Privacy Shield, which has many implications for data rules around the GDPR. More than 5,000 U.S. companies rely on Privacy Shield to conduct trans-Atlantic trade in compliance with the GDPR. We talk with a team of legal experts to clarify what this means for you and your international business.

Comprehensive data protection for European residents

GDPR stands for “General Data Protection Regulation,” which governs how businesses that interact with and collect data of European residents can be managed. It regulates everything from:

  • Why an organization collects data
  • How much data organizations should collect when building platforms
  • How long organizations can store your data
  • How organizations handle international transfers
  • What happens in cases of misuse of data or privacy breach

Privacy Shield allowed for data flow between the EU and the US

Under the GDPR, for you to transfer the data, there’s a determination of whether a particular country is “adequate” in terms of data protection.

Brandi Bennet, one of our guests, helps us define adequacy. “Europe has high standards for data protection: your data protection rights are considered a human right. What adequacy really means is, when they transfer the data to another country, are those country’s laws as good as our laws? Do they treat and protect data as robustly and as strong as we do?”

The United States does not meet The EU’s adequacy requirements. The Privacy Shield treaty provides a framework to nonetheless allow for data flow between the EU and the US. With the ruling, we’re no longer legally allowed to use Privacy Shield, which leaves businesses wondering what practical measures can they take to protect their data? Some suggestions from our guests are:

  • Data encryption and minimization
  • Storage minimization
  • Risk assessment of your vendors
  • Pseudo-anonymization, where you’re masking the identity of your users behind other identifiers
  • Giving customers access, notice, and choice

You can read more about international privacy law on the International Association of Privacy Professionals website.

Platform.sh
Learn more about us.
Get started with a free trial.
Have a question? Get in touch!

Platform.sh on social media
Twitter @platformsh
Twitter (France): @platformsh_fr
LinkedIn: Platform.sh
LinkedIn (France): Platform.sh
Facebook: Platform.sh

Watch, listen, subscribe to the Platform.sh Deploy Friday podcast:
YouTube
Apple Podcasts
Buzzsprout

Platform.sh is a robust, reliable hosting platform that gives development teams the tools to build and scale applications efficiently. Whether you run one or one thousand websites, you can focus on creating features and functionality with your favorite tech stack.