Don’t be so negative, it is not a full loss as you all say.
The European Court of Justice already killed the previous 2 adequacy decisions in the Schrems cases, and it may happen in few years from now again.
Apart from that, though the US are clearly not adequate for data protection following GDPR standards, they have somehow to comply with GDPR. Businesses in the US are now applying 2-standards to EU citizens and the rest of the world, in order to comply with our data protection framework.
Until yesterday, all companies and public organisations using US services were not compliant with the law, because there was no legal basis available for data transfers to the US. Nevertheless we were all using their services.
It’s best to have in place an adequacy decision which is not perfect (and probably not compliant) than nothing and living in a far west.
Good thoughts. But if you took care of your contracts and transfer impact assessments, it was possible to be compliant with the GDPR while using good US service providers. Also, the US are catching up in regards of privacy laws and California is just one good example for that. Some ideas in there exceed the GDPR in ways that protect people even better. And yeah, I’m speaking as a European data protection lawyer here and not the typical “USA, USA” fanboy. Credit where credit’s due
Don’t be so negative, it is not a full loss as you all say.
The European Court of Justice already killed the previous 2 adequacy decisions in the Schrems cases, and it may happen in few years from now again.
Apart from that, though the US are clearly not adequate for data protection following GDPR standards, they have somehow to comply with GDPR. Businesses in the US are now applying 2-standards to EU citizens and the rest of the world, in order to comply with our data protection framework.
Until yesterday, all companies and public organisations using US services were not compliant with the law, because there was no legal basis available for data transfers to the US. Nevertheless we were all using their services. It’s best to have in place an adequacy decision which is not perfect (and probably not compliant) than nothing and living in a far west.
i kinda freak out tbh . mostly what my country do actualy (france) its… not good at alls…
In France you have good practices too, qwant, ovh to name a couple
Good thoughts. But if you took care of your contracts and transfer impact assessments, it was possible to be compliant with the GDPR while using good US service providers. Also, the US are catching up in regards of privacy laws and California is just one good example for that. Some ideas in there exceed the GDPR in ways that protect people even better. And yeah, I’m speaking as a European data protection lawyer here and not the typical “USA, USA” fanboy. Credit where credit’s due