Operating the U.S. Cloud Under Schrems II

Top Six Takeaways from the Webinar

Organizations protect data at rest and in transit with encryption and access controls, but often no controls are used to protect data when it is being processed in cleartext. Numerous data breaches and enforcement actions highlight this issue.
Technical controls that protect data in use are important for protecting against breaches and making desired processing in U.S.-operated clouds lawful.
EU and U.S. laws are often in conflict. Technical controls can helpbridge conflict-of-laws issues.
The Schrems II ruling has sparked new interest in the CLOUD Act, and the interplay between U.S. cloud providers, U.S. companies, and EU data subject rights.
Technical measures can protect against CLOUD Act requests and help reconcile Schrems II issues with EU data subject data.
Statutory pseudonymization is one way to enable organizations, governments and companies to process data in a way that is predictable and lawful to enable data-driven insights.
Key Highlights
of webinar attendees rated software-as-a-service as the most important cloud-enabled capability that their organizations need to use.
of webinar attendees believed that a Trans-Atlantic treaty (like the new proposed Data Privacy Framework) that does not address Schrems II requirements for supplementary measures likely will fail to withstand judicial scrutiny and therefore will not be sustainable.
Full Webinar Replay
Presentation Slides
Slide - 1/40
Operating the US Cloud Under Schrems II
Which of the following cloud-enabled benefits necessary to your organization?
Will a Trans-Atlantic treaty that does not address the Schrems II requirements for supplementary measures (like the new Data Privacy Framework) likely fail to withstand judicial scrutiny and be unsustainable?
The way organizations previously protected data in use no longer works.
Why Statutory Pseudonymization?
Statutory Pseudonymization
Shared Responsibility Model
There is No Turning Back on the Requirement to Protect Data When in Use
As strongly as both EU and US governments desire to put into place a new treaty to ensure uninterrupted Trans-Atlantic commerce, they will not abandon surveillance activities they deem critical for national security.
Decisions by the most senior courts cannot be ignored or (easily) reversed by the other stakeholder groups.
Enforcement Agencies
Activities by NGOs highlight the increasing importance of technologically enforced controls.
CJEU Schrems II Decision
US Cloud Act
Cloud Processing Challenges
US Hyper-Scaler Promises Are Not Enough by Themselves
It is Possible to Protect When in Use in Untrusted Environments1
Recognized by 40+ Regulators and NGOs Around the Globe
Something New Under the Sun
Specifications for Statutory Pseudonymization
GDPR Statutory Pseudonymization EDPB Use Case 2: Transfer of Pseudonymized Data
Requirements for Using Article 49(1) Derogations
GDPR Pseudonymization Supports Schrems II Compliant Processing for Majority of Cloud Processing Use Cases
Anonos Data Embassy Underpinnings for Trusted, Ethical & Lawful Analytics, AI & ML Under GDPR
On-Premise Creation of Variant Twins
EU-US: Lawful Trans-Atlantic Data Transfers (Schrems II) (Use Case 2 - GDPR Pseudonymized data cloud processing)
Confidential Computing Creation of Variant Twins
Cloud-Based Confidential Computing
Data Embassy and Confidential Computing
Data Embassy and Confidential Computing: Controlled Relinking to Source Data
Limited Perimeter Protection vs Controls That Flow With the Data Wherever it Travels
Statutory Pseudonymization with Data Embassy®: No Trade-off Between Data Protection and Data Utility
Anonos Data Embassy dynamic de-identification, pseudonymization and anonymization systems, methods and devices are protected by an intellectual property portfolio
Upcoming Data Without the Drama Webinar No.3
Statutory pseudonymization
How to join the “Statutory Pseudonymization” LinkedIn Group
Questions and Answers
Attention IAPP Certified Privacy Professionals
For questions on this or other IAPP Web Conferences or recordings or to obtain a copy of the slide presentation please contact