White Paper

The Technical Fix for International Data Transfers: A Word of Caution

In today’s interconnected world, data sharing has never been more essential. Whether it’s between internal business units, external researchers, or government agencies, data sharing powers analytics and decisions that have far-ranging implications. Therefore, when the Court of Justice of the European Union ruled that the Privacy Shield framework is invalid, and therefore data transfers from the EU to the US are no longer justifiable on this basis, attention turned to contractual and technical safeguards to determine how their combination could legitimize such data sharing.
This paper, originally written for the Privacy & Data Protection Journal, analyzes two technical safeguards – pseudonymisation and split- or multi-party processing, as described within the draft recommendations produced by the European Data Protection Board (EDPB) – and reveals what is really expected from these techniques to legitimate data sharing practices across jurisdictions.