Why a Good Additional Technical Safeguard is Hard to Find

A recent ruling by the Court of Justice of the European Union (CJEU) essentially made it impossible to justify a restricted data transfer from the European Union to the United States on the basis of the Privacy Shield. Moreover, contractual and organizational measures alone appear insufficient to mitigating the risk of data access by intelligence services.

It stands to reason that technical safeguards are needed to complement Standard Contractual Clauses – but how realistic and secure are these safeguards at providing adequate protection?

This white paper, written in response to the European Data Protection Board’s recommendations:

  • Explores ecryption, pseudonymization, and split- or multi-party processing as potential technical safeguards
  • Explains why more clarity is needed to make these techniques effective complementary measures
  • Gives recommendations on next steps for organizations subject to this decision