It depends how much credence you put in the standard contractual clauses (SCC) added by these companies after the privacy shield was ruled invalid by the EU.
The idea with the SCC is that instead of all data transfers being covered by a single adequacy decision, each company adds SCCs to it's contracts with customers promising that data of EU citizens will be handled in a way that's compliant with GDPR.
Reading this piece from CNIL, I can't see how a US company is going to be able to use SCCs to protect EU citizens from data access by the US government. Non US citizens typically don't have a lot of rights in the eyes of the US gov and they've traditionally been pretty happy to rifle through the data of those people at will.
ed: the point by another commenter about using your own encryption key is a good one. However, the view of CNIL essentially seems to be that transferring any data to the US is risky so to me it feels like you'd be swimming against the tide.
darkwater|3 years ago
If you encrypt the data with your own key, they should not be able to access it.
fauigerzigerk|3 years ago
Rebelgecko|3 years ago
remus|3 years ago
The idea with the SCC is that instead of all data transfers being covered by a single adequacy decision, each company adds SCCs to it's contracts with customers promising that data of EU citizens will be handled in a way that's compliant with GDPR.
Reading this piece from CNIL, I can't see how a US company is going to be able to use SCCs to protect EU citizens from data access by the US government. Non US citizens typically don't have a lot of rights in the eyes of the US gov and they've traditionally been pretty happy to rifle through the data of those people at will.
ed: the point by another commenter about using your own encryption key is a good one. However, the view of CNIL essentially seems to be that transferring any data to the US is risky so to me it feels like you'd be swimming against the tide.
martin_a|3 years ago