😳 Huge #SchremsII aftershocks!
French DPA @CNIL asks not to use US Cloud providers (or other providers “under US jurisdiction”) for hosting health data. For CNIL, this is relevant even if there are no “transfers of data” to 🇺🇸 and all data are stored in 🇪🇺, because... (1)
French DPA @CNIL asks not to use US Cloud providers (or other providers “under US jurisdiction”) for hosting health data. For CNIL, this is relevant even if there are no “transfers of data” to 🇺🇸 and all data are stored in 🇪🇺, because... (1)
https://twitter.com/cnll_fr/status/1314466315319508992
... the US Government can still make FISA & EO123333 orders to transfer data to the US. Despite the fact that the Data are encrypted in this specific case under review (HDH), CNIL seems to consider this is not enough. This is striking as encryption has been presented as... (2)
...a potential technical solution under the “additional safeguards” possibility opened by the CJEU in #SchremsII. Instead, CNIL considers that using a European “trustee” could be a solution under some conditions. All this pending the eagerly expected @EU_EDPB guidelines... (3)
...on “additional safeguards”.
Although CNIL says this position “only concerns health data” & that “it reserves its position on other sectors & other, less sensitive, categories of data” its reasoning could be transposable to other categories of personal data...
(4 & end)
Although CNIL says this position “only concerns health data” & that “it reserves its position on other sectors & other, less sensitive, categories of data” its reasoning could be transposable to other categories of personal data...
(4 & end)
• • •
Missing some Tweet in this thread? You can try to
force a refresh
