White Paper

Why a Good Additional Technical Safeguard is Hard to Find

A recent ruling by the Court of Justice of the European Union (CJEU) essentially made it impossible to justify a restricted data transfer from the European Union to the United States on the basis of the Privacy Shield. Moreover, contractual and organizational measures alone appear insufficient to mitigating the risk of data access by intelligence services. It thus stands to reason that technical safeguards are needed to complement Standard Contractual Clauses. But how realistic and how secure are these safeguards at providing adequate protection?
This white paper, written in response to the European Data Protection Board’s recommendations, explores the following potential technical safeguards, and why more clarity is needed to make them effective complementary measures:
  1. Encryption
  2. Pseudonymization
  3. Split or multi-party processing

Download the white paper here.