December has been an incredibly busy month. As you might be aware, both the European Data Protection Board (EDPB) and the European Commission released guidance on third country data transfers. Since both documents have been open to public consultation, we have used our specific expertise to weigh in on the debate. Additionally, we took part in the Cyber Security Forum, helped develop a new publication. In addition, we are looking for a new project manager: So please feel free to circulate this newsletter and the job ad among your network.
We can't wait to share all of our exciting latest engagements with you, as a lot is happening right now! Among other things, we are very pleased that the creators of the data protection market standard for cloud, the EU Cloud Code of Conduct, announced to work on a proposed legal solution for the transfer of personal data outside the EU. Once approved, the solution could establish a feasible alternative to other transfer mechnisms, such as standard contractual clauses. Find out all about this - and other projects and engagements we are driving - below.
The Ministries of France and Germany recently announced more details on Europe's next generation cloud environment, publishing several documents on GAIA-X. The EU Cloud Code of Conduct for Cloud Service Providers analysed the publications and commented on the core principles, highlighting alignments of both initiates. Also, the SRIW membership continues to grow, the work on the pseudonymisation continues and the Bitkom Privacy Conference will feature the EU Cloud Code of Conduct.
The last weeks were all about the recent European Court of Justice (ECJ) ruling in the so-called "Schrems II" case, invalidating the data exchange mechanism between the US and the EU (Privacy Shield). Also, the Court decided that transfers of personal data to non-EU countries with Standard Contractual Clauses is still valid, however, the ruling imposes obligations on companies to assess the level of data protection in the recipient country. In light of these discussions, we provide you with some of our materials related to third country transfers - and share really exciting news about the newest member of our umbrella organization SRIW.
June was certainly a busy month for us, including several milestones that we want to share with you: Alibaba Cloud was verified to be adherent and compliant to the EU Cloud Code of Conduct, underpinning GDPR-related measures implemented. Also, we commented on the recent developments of GAIA-X. And you find below our take on the report of the European Commission on the two-year application of GDPR.
With GDPR turning two this week, third country data transfer mechanisms are still one of the most discussed EU privacy topics. The European Commission reemphasized the importance of third country transfer tools and started working on the modernization of the standard contractual clauses framework. We have, together with industry partners contributed to this debate by developing a set of Standard Data Protection Clauses, introducing key principles and safeguards for the processor to processor environment. This month, we published an updated version of our work and further optimized our concepts.
First of all, we hope this finds you well and healthy. Yesterday, we submitted our feedback to the consultation of the European Commission’s report on the application of GDPR - including our recommendations and perspectives. Another piece worth reading is a joint article we published this week in the IAPP "Privacy Advisor", discussing the key success factors for third-country transfer tools. More on these two publications - and some other recent activities - below.
This month, our parent company SRIW held it's statutory board and member meetings and Dr. Claus-Dieter Ulmer, Global Data Privacy Officer and Senior Vice President Group Privacy at Deutsche Telekom, has been elected chairman of the executive board. We're more than excited to have Claus, an internationally-renowned thought leader in privacy, on the team and look forward to working with him on many projects related to credible self- and co-regulation. We also joined the data privacy lab day as speaker and have exciting news from the EU Cloud Code of Conduct.
We hope you had a good start into 2020! Starting the new year with good news, the EU Cloud Code of Conduct General Assembly welcomed SecureAppbox as newest member. The Stockholm-based company was founded in 2011 and offers privacy-enhancing cloud services to clients in more than 160 countries. For us, it's in particular relevant that another European SME decided to join the EU Cloud CoC, proving that the chosen membership structure and governance mechanisms are in particular accessible for smaller players. More below on the expanding membership of the EU Cloud Code of Conduct and some of our other initiatives.