{"id":17488,"date":"2020-10-22T06:00:30","date_gmt":"2020-10-22T13:00:30","guid":{"rendered":"https:\/\/www.trulioo.com\/?p=17488"},"modified":"2022-11-15T22:17:10","modified_gmt":"2022-11-15T22:17:10","slug":"dropping-the-privacy-shield","status":"publish","type":"post","link":"https:\/\/www.trulioo.com\/blog\/compliance\/dropping-the-privacy-shield","title":{"rendered":"Dropping the Privacy Shield: implications for cloud data"},"content":{"rendered":"\n<figure class=\"wp-block-image\"><img loading=\"lazy\" decoding=\"async\" width=\"900\" height=\"600\" src=\"https:\/\/www.trulioo.com\/wp-content\/uploads\/2020\/10\/Dropping-the-Privacy-Shield.jpg\" alt=\"Dropping the Privacy Shield\" class=\"wp-image-17489\" srcset=\"https:\/\/www.trulioo.com\/wp-content\/uploads\/2020\/10\/Dropping-the-Privacy-Shield.jpg 900w, https:\/\/www.trulioo.com\/wp-content\/uploads\/2020\/10\/Dropping-the-Privacy-Shield-740x493.jpg 740w, https:\/\/www.trulioo.com\/wp-content\/uploads\/2020\/10\/Dropping-the-Privacy-Shield-48x32.jpg 48w\" sizes=\"(max-width: 900px) 100vw, 900px\" \/><\/figure>\n\n\n\n<p><span style=\"font-weight: 400;\"><\/span><\/p>\n\n\n\n<p><span style=\"font-weight: 400;\">In today&#8217;s global business environment, transferring data between different countries is standard practice. However, as privacy regulations become increasingly stringent, those transfers are coming into question. Who controls the data? Who has access to it? What safeguards are in place to ensure that citizens\u2019 rights are protected?<\/span><\/p>\n\n\n\n<h2 class=\"wp-block-heading\" id=\"h-transferring-data-from-the-european-union-schrems-ii\"><span style=\"font-weight: 400;\">Transferring data from the European Union \u2014 Schrems II<\/span><\/h2>\n\n\n\n<p><span style=\"font-weight: 400;\">Until July 2020, there were three mechanisms by which a U.S. company could legally transfer the personal data of EU residents to the U.S.:<\/span><\/p>\n\n\n\n<ul><li style=\"font-weight: 400;\"><span style=\"font-weight: 400;\">Privacy Shield<\/span><\/li><li style=\"font-weight: 400;\"><span style=\"font-weight: 400;\">Standard Contractual Clauses<\/span><\/li><li style=\"font-weight: 400;\"><span style=\"font-weight: 400;\">Binding Corporate Rules<\/span><\/li><\/ul>\n\n\n\n<p><span style=\"font-weight: 400;\">In what is being called the \u2018<\/span><a href=\"https:\/\/curia.europa.eu\/jcms\/upload\/docs\/application\/pdf\/2020-07\/cp200091en.pdf\" target=\"_blank\" rel=\"noopener noreferrer\"><span style=\"font-weight: 400;\">Schrems II decision<\/span><\/a><span style=\"font-weight: 400;\">\u2019, the Court of Justice of the European Union (CJEU) declared the Privacy Shield transfer mechanism invalid. To help keep their privacy regulations aligned with the EU, <\/span><a href=\"https:\/\/www.cpomagazine.com\/data-protection\/schrems-ii-decision-extends-to-swiss-us-privacy-shield-agreement-found-inadequate-after-annual-review\/\" target=\"_blank\" rel=\"noopener noreferrer\"><span style=\"font-weight: 400;\">Switzerland quickly followed suit<\/span><\/a><span style=\"font-weight: 400;\">.<\/span><\/p>\n\n\n\n<p><span style=\"font-weight: 400;\">\u2018Privacy Shield\u2019 refers to both the data transfer mechanism, now invalidated, and to the <\/span><a href=\"https:\/\/www.privacyshield.gov\/Program-Overview\" target=\"_blank\" rel=\"noopener noreferrer\"><span style=\"font-weight: 400;\">voluntary compliance framework<\/span><\/a><span style=\"font-weight: 400;\"> in the U.S., which is still active as of today.<\/span><\/p>\n\n\n\n<p><span style=\"font-weight: 400;\">At the moment, the U.S. does not have an adequacy decision from the EU in terms of data exports.<\/span><\/p>\n\n\n\n<h2 class=\"wp-block-heading\" id=\"h-legal-considerations-behind-schrems-ii\"><span style=\"font-weight: 400;\">Legal considerations behind Schrems II<\/span><\/h2>\n\n\n\n<p><span style=\"font-weight: 400;\">Among the <\/span><a href=\"https:\/\/gdpr.report\/news\/2020\/07\/17\/schrems-ii-tech-lawyer-explains-cjeus-ruling-on-standard-contractual-clauses\/\" target=\"_blank\" rel=\"noopener noreferrer\"><span style=\"font-weight: 400;\">aspects considered in this decision<\/span><\/a><span style=\"font-weight: 400;\"> were the U.S.\u2019s Foreign Intelligence Surveillance Act, section 702, and Executive Order 12333. The CJEU\u2019s concern is that:<\/span><span style=\"font-weight: 400;\"><br><\/span><\/p>\n\n\n\n<ul><li style=\"font-weight: 400;\"><span style=\"font-weight: 400;\">Privacy Shield did not and could not ensure that EU residents\u2019 data would be safe from U.S. governmental surveillance<\/span><\/li><li style=\"font-weight: 400;\"><span style=\"font-weight: 400;\">EU residents would not have access to an effective judicial remedy if their rights to privacy were infringed<\/span><\/li><\/ul>\n\n\n\n<p><span style=\"font-weight: 400;\">FISA 702 applies to \u201celectronic communications service providers\u201d, and permits the Attorney General and the Director of National Intelligence to authorize the targeting of persons outside the U.S. for the purposes of collecting foreign intelligence information. The NSA, for example, used this section, and EO 12333, to justify programs such as PRISM, which collects information from internet services like email providers and video chat programs, and Upstream, which goes into the Internet infrastructure to access information in transit.<\/span><\/p>\n\n\n\n<p><span style=\"font-weight: 400;\">This decision may feel like d\u00e9j\u00e0-vu to those who watched a very similar situation play out in regards to <\/span><a href=\"\/blog\/trust-and-safety\/restoring-trust-eu-us-privacy-shield-replaces-safe-harbor\"><span style=\"font-weight: 400;\">Safe Harbor<\/span><\/a><span style=\"font-weight: 400;\">, a self-certification compliance mechanism, which was declared invalid by the CJEU in 2015.<\/span><\/p>\n\n\n\n<h2 class=\"wp-block-heading\" id=\"h-impacts-on-the-use-of-cloud-providers\"><span style=\"font-weight: 400;\">Impacts on the use of cloud providers<\/span><\/h2>\n\n\n\n<p><span style=\"font-weight: 400;\">However, Schrems II is likely to have far-reaching impacts. Companies using <\/span><a href=\"https:\/\/ec.europa.eu\/info\/law\/law-topic\/data-protection\/international-dimension-data-protection\/standard-contractual-clauses-scc_en\" target=\"_blank\" rel=\"noopener noreferrer\"><span style=\"font-weight: 400;\">Standard Contractual Clauses<\/span><\/a><span style=\"font-weight: 400;\"> (SCC) to transfer EU data to the U.S. are now required to conduct their own due diligence to ensure that there are supporting measures in place to ensure <\/span><span style=\"font-weight: 400;\">GDPR-equivalent protection<\/span><span style=\"font-weight: 400;\"> for the data. SCC arrangements found to be non-compliant with this requirement by the relevant DPA may be invalidated on a case-by-case basis.<\/span><\/p>\n\n\n\n<p><span style=\"font-weight: 400;\">While this impacts a number of U.S.-based companies who previously relied on Privacy Shield, it also has the potential to impact a far wider group.&nbsp;<\/span><\/p>\n\n\n\n<p><span style=\"font-weight: 400;\">The top three cloud providers in the world are Amazon (AWS), Microsoft (Azure), and Google &#8211; all U.S.-owned companies. Theoretically, they can all be compelled to permit U.S. government access to data, making the compliance situation of thousands of companies who handle EU residents\u2019 data and use their services an interesting proposition.<\/span><\/p>\n\n\n\n<p><span style=\"font-weight: 400;\">It is also worth noting that although these large cloud providers offer data centers in a variety of global locations, those locations are all affiliated with the parent company, and can in theory be compelled to comply with U.S. governmental access requirements \u2013 FISA 702 has no territorial limitations.<\/span><\/p>\n\n\n\n<h2 class=\"wp-block-heading\" id=\"h-compliance-options\"><span style=\"font-weight: 400;\">Compliance options<\/span><\/h2>\n\n\n\n<p><span style=\"font-weight: 400;\">There are a number of options being discussed to ensure the required equivalent data protection while not requiring companies to either stop using major cloud providers or stop transferring information to U.S. business partners.<\/span><\/p>\n\n\n\n<p><b>Binding Corporate Rules<\/b><\/p>\n\n\n\n<p><span style=\"font-weight: 400;\">Of the original three EU-U.S. data transfer mechanisms, the one that wholly escaped the Schrems II decision was <\/span><a href=\"https:\/\/ec.europa.eu\/info\/law\/law-topic\/data-protection\/international-dimension-data-protection\/binding-corporate-rules-bcr_en\" target=\"_blank\" rel=\"noopener noreferrer\"><span style=\"font-weight: 400;\">Binding Corporate Rules<\/span><\/a><span style=\"font-weight: 400;\"> (BCR). BCRs are adequacy instruments wherein the burden of assessing whether or not a BCR arrangement is compliant rests with the supervisory authorities: BCRs must be approved by all concerned supervisory authorities prior to going into effect.&nbsp;<\/span><\/p>\n\n\n\n<p><span style=\"font-weight: 400;\">However, in the post-Schrems II environment, if a review of a company\u2019s BCR indicated that the companies involved were unable to provide equivalent security for EU data, it is possible that the BCR in question could be invalidated.<\/span><\/p>\n\n\n\n<p><b>EU cloud services<\/b><\/p>\n\n\n\n<p><span style=\"font-weight: 400;\">One ongoing initiative is that the EU continues to push for the creation of an EU cloud, or rather the linking together of existing EU cloud services, compliant with all aspects of the GDPR. The project, known as <\/span><a href=\"https:\/\/www.data-infrastructure.eu\/GAIAX\/Navigation\/EN\/Home\/home.html\" target=\"_blank\" rel=\"noopener noreferrer\"><span style=\"font-weight: 400;\">Gaia-X<\/span><\/a><span style=\"font-weight: 400;\">, is currently led by France and Germany and is still in the very early stages.&nbsp;<\/span><\/p>\n\n\n\n<p><span style=\"font-weight: 400;\">To date, there have been several attempts to create an EU cloud, none of which have been successful, but the increasing pressure for GDPR-compliant options &#8211; and calls for \u2018vigorous\u2019 enforcement by regulators &#8211; may have created the opportune moment.<\/span><\/p>\n\n\n\n<p><b>Standard Contractual Clauses<\/b><\/p>\n\n\n\n<p><span style=\"font-weight: 400;\">SCCs will likely be subject to increasing scrutiny. However, if measures are in place to ensure that equivalent protection of EU data is met, they remain a valid transfer mechanism.<\/span><\/p>\n\n\n\n<p><span style=\"font-weight: 400;\">Although on the face of it, given that the governments of various areas (not just the U.S.) do maintain data access and surveillance programs that are incompatible with GDPR requirements, this may sound like an impossible condition, there are potential options.<\/span><\/p>\n\n\n\n<p><span style=\"font-weight: 400;\">Among these are pseudonymization. In this scenario, information sent overseas cannot be attributed to a specific EU data subject without the use of additional data kept separately.&nbsp;<\/span><\/p>\n\n\n\n<p><span style=\"font-weight: 400;\">Pseudonymisation is a measure specifically mentioned in the GDPR as a solution to reduce the risks to the data subject and help controllers and processors to meet their data-protection obligations. An example of this kind of technology is <\/span><a href=\"https:\/\/www.itproportal.com\/features\/the-future-of-international-data-transfer-in-the-wake-of-schrems-ii\/\" target=\"_blank\" rel=\"noopener noreferrer\"><span style=\"font-weight: 400;\">Anonos\u2019s Variant Twins<\/span><\/a><span style=\"font-weight: 400;\">, a system for dynamically de-identifying data that is then impossible to re-identify without access to additional data that would itself be stored and secured separately.<\/span><\/p>\n\n\n\n<h2 class=\"wp-block-heading\" id=\"h-evolving-data-privacy-requirements\"><span style=\"font-weight: 400;\">Evolving data privacy requirements<\/span><\/h2>\n\n\n\n<p><span style=\"font-weight: 400;\">The last decade has seen data privacy go from a niche concern to one of the key topics in business. Like any area where the situation is evolving rapidly, legislation and enforcement may lag on real-world developments, but the one certainty is that data privacy is here to stay.&nbsp;<\/span><\/p>\n\n\n\n<p><span style=\"font-weight: 400;\">A <\/span><a href=\"https:\/\/securitybrief.eu\/story\/gartner-by-2023-65-of-the-world-will-have-personal-data-covered-under-modern-privacy-regulations\" target=\"_blank\" rel=\"noopener noreferrer\"><span style=\"font-weight: 400;\">recent Gartner study<\/span><\/a><span style=\"font-weight: 400;\"> predicts that by 2023, 65% of the world\u2019s population will benefit from legislation and regulation protecting its personal data, up from 10% in 2020. This huge jump only underscores the importance of planning now to meet evolving needs. Most companies cannot function without collecting and processing personal data, so a major focus for the coming years will be how to ensure that that collection and processing is safe, transparent, and controllable.<\/span><\/p>\n\n\n\n<p><span style=\"font-weight: 400;\">This is particularly true for companies where personal information comprises a core aspect of their business. Assurance that individual privacy is respected and that adequate data protection is in place is vital in order to maintain consumer trust in service providers. Maintaining awareness of the evolving requirements, and taking consistent and effective steps to comply with them, are steps every company should consider taking &#8211; and these measures don\u2019t stop at the company firewall. It\u2019s equally important to ensure that all third parties and vendors who handle this kind of sensitive information are able to meet or exceed the required standards to protect consumers.<\/span><\/p>\n","protected":false},"excerpt":{"rendered":"In today&#8217;s global business environment, transferring data between different countries is standard practice. However, as&#8230;","protected":false},"author":8,"featured_media":17489,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"_acf_changed":false,"om_disable_all_campaigns":false,"footnotes":""},"categories":[324],"post-types":[133],"post-topics":[99,98,143,204],"acf":[],"yoast_head":"<!-- This site is optimized with the Yoast SEO Premium plugin v22.1 (Yoast SEO v22.1) - https:\/\/yoast.com\/wordpress\/plugins\/seo\/ -->\n<title>Dropping the Privacy Shield: implications for cloud data<\/title>\n<meta name=\"description\" content=\"Schrems II impacts a number of U.S.-based companies who previously relied on Privacy Shield and potentially any user of the top cloud providers in the world\" \/>\n<meta name=\"robots\" content=\"index, follow, max-snippet:-1, max-image-preview:large, max-video-preview:-1\" \/>\n<link rel=\"canonical\" href=\"https:\/\/www.trulioo.com\/blog\/compliance\/dropping-the-privacy-shield\" \/>\n<meta property=\"og:locale\" content=\"en_US\" \/>\n<meta property=\"og:type\" content=\"article\" \/>\n<meta property=\"og:title\" content=\"Dropping the Privacy Shield: implications for cloud data\" \/>\n<meta property=\"og:description\" content=\"Schrems II impacts a number of U.S.-based companies who previously relied on Privacy Shield and potentially any user of the top cloud providers in the world\" \/>\n<meta property=\"og:url\" content=\"https:\/\/www.trulioo.com\/blog\/compliance\/dropping-the-privacy-shield\" \/>\n<meta property=\"og:site_name\" content=\"Trulioo\" \/>\n<meta property=\"article:publisher\" content=\"https:\/\/www.facebook.com\/trulioo\" \/>\n<meta property=\"article:published_time\" content=\"2020-10-22T13:00:30+00:00\" \/>\n<meta property=\"article:modified_time\" content=\"2022-11-15T22:17:10+00:00\" \/>\n<meta property=\"og:image\" content=\"https:\/\/www.trulioo.com\/wp-content\/uploads\/2020\/10\/Dropping-the-Privacy-Shield.jpg\" \/>\n\t<meta property=\"og:image:width\" content=\"900\" \/>\n\t<meta property=\"og:image:height\" content=\"600\" \/>\n\t<meta property=\"og:image:type\" content=\"image\/jpeg\" \/>\n<meta name=\"author\" content=\"Paul Valkama\" \/>\n<meta name=\"twitter:card\" content=\"summary_large_image\" \/>\n<meta name=\"twitter:creator\" content=\"@trulioo\" \/>\n<meta name=\"twitter:site\" content=\"@trulioo\" \/>\n<meta name=\"twitter:label1\" content=\"Written by\" \/>\n\t<meta name=\"twitter:data1\" content=\"Paul Valkama\" \/>\n\t<meta name=\"twitter:label2\" content=\"Est. reading time\" \/>\n\t<meta name=\"twitter:data2\" content=\"6 minutes\" \/>\n<script type=\"application\/ld+json\" class=\"yoast-schema-graph\">{\"@context\":\"https:\/\/schema.org\",\"@graph\":[{\"@type\":\"Article\",\"@id\":\"https:\/\/www.trulioo.com\/blog\/compliance\/dropping-the-privacy-shield#article\",\"isPartOf\":{\"@id\":\"https:\/\/www.trulioo.com\/blog\/compliance\/dropping-the-privacy-shield\"},\"author\":{\"name\":\"Paul Valkama\",\"@id\":\"https:\/\/www.trulioo.com\/#\/schema\/person\/4dedbd41574b6b5754919a490ed4d5ae\"},\"headline\":\"Dropping the Privacy Shield: implications for cloud data\",\"datePublished\":\"2020-10-22T13:00:30+00:00\",\"dateModified\":\"2022-11-15T22:17:10+00:00\",\"mainEntityOfPage\":{\"@id\":\"https:\/\/www.trulioo.com\/blog\/compliance\/dropping-the-privacy-shield\"},\"wordCount\":1210,\"commentCount\":0,\"publisher\":{\"@id\":\"https:\/\/www.trulioo.com\/#organization\"},\"articleSection\":[\"Compliance\"],\"inLanguage\":\"en-US\",\"potentialAction\":[{\"@type\":\"CommentAction\",\"name\":\"Comment\",\"target\":[\"https:\/\/www.trulioo.com\/blog\/compliance\/dropping-the-privacy-shield#respond\"]}]},{\"@type\":\"WebPage\",\"@id\":\"https:\/\/www.trulioo.com\/blog\/compliance\/dropping-the-privacy-shield\",\"url\":\"https:\/\/www.trulioo.com\/blog\/compliance\/dropping-the-privacy-shield\",\"name\":\"Dropping the Privacy Shield: implications for cloud data\",\"isPartOf\":{\"@id\":\"https:\/\/www.trulioo.com\/#website\"},\"datePublished\":\"2020-10-22T13:00:30+00:00\",\"dateModified\":\"2022-11-15T22:17:10+00:00\",\"description\":\"Schrems II impacts a number of U.S.-based companies who previously relied on Privacy Shield and potentially any user of the top cloud providers in the world\",\"breadcrumb\":{\"@id\":\"https:\/\/www.trulioo.com\/blog\/compliance\/dropping-the-privacy-shield#breadcrumb\"},\"inLanguage\":\"en-US\",\"potentialAction\":[{\"@type\":\"ReadAction\",\"target\":[\"https:\/\/www.trulioo.com\/blog\/compliance\/dropping-the-privacy-shield\"]}]},{\"@type\":\"BreadcrumbList\",\"@id\":\"https:\/\/www.trulioo.com\/blog\/compliance\/dropping-the-privacy-shield#breadcrumb\",\"itemListElement\":[{\"@type\":\"ListItem\",\"position\":1,\"name\":\"Home\",\"item\":\"https:\/\/www.trulioo.com\/\"},{\"@type\":\"ListItem\",\"position\":2,\"name\":\"Compliance\",\"item\":\"https:\/\/www.trulioo.com\/post-topics\/compliance\"},{\"@type\":\"ListItem\",\"position\":3,\"name\":\"Dropping the Privacy Shield: implications for cloud data\"}]},{\"@type\":\"WebSite\",\"@id\":\"https:\/\/www.trulioo.com\/#website\",\"url\":\"https:\/\/www.trulioo.com\/\",\"name\":\"Trulioo\",\"description\":\"Building trust online (online identity verification services)\",\"publisher\":{\"@id\":\"https:\/\/www.trulioo.com\/#organization\"},\"potentialAction\":[{\"@type\":\"SearchAction\",\"target\":{\"@type\":\"EntryPoint\",\"urlTemplate\":\"https:\/\/www.trulioo.com\/?s={search_term_string}\"},\"query-input\":\"required name=search_term_string\"}],\"inLanguage\":\"en-US\"},{\"@type\":\"Organization\",\"@id\":\"https:\/\/www.trulioo.com\/#organization\",\"name\":\"Trulioo\",\"url\":\"https:\/\/www.trulioo.com\/\",\"logo\":{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\/\/www.trulioo.com\/#\/schema\/logo\/image\/\",\"url\":\"https:\/\/www.trulioo.com\/wp-content\/uploads\/2023\/01\/Trulioo-Wordmark-Dark-Green.png\",\"contentUrl\":\"https:\/\/www.trulioo.com\/wp-content\/uploads\/2023\/01\/Trulioo-Wordmark-Dark-Green.png\",\"width\":2784,\"height\":1464,\"caption\":\"Trulioo\"},\"image\":{\"@id\":\"https:\/\/www.trulioo.com\/#\/schema\/logo\/image\/\"},\"sameAs\":[\"https:\/\/www.facebook.com\/trulioo\",\"https:\/\/twitter.com\/trulioo\",\"https:\/\/www.linkedin.com\/company\/trulioo\",\"https:\/\/www.instagram.com\/trulioo_global\/\"]},{\"@type\":\"Person\",\"@id\":\"https:\/\/www.trulioo.com\/#\/schema\/person\/4dedbd41574b6b5754919a490ed4d5ae\",\"name\":\"Paul Valkama\",\"image\":{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\/\/www.trulioo.com\/#\/schema\/person\/image\/\",\"url\":\"https:\/\/secure.gravatar.com\/avatar\/ae0ad041b53eb878badb2c5744ad4691?s=96&d=mm&r=g\",\"contentUrl\":\"https:\/\/secure.gravatar.com\/avatar\/ae0ad041b53eb878badb2c5744ad4691?s=96&d=mm&r=g\",\"caption\":\"Paul Valkama\"}}]}<\/script>\n<!-- \/ Yoast SEO Premium plugin. -->","yoast_head_json":{"title":"Dropping the Privacy Shield: implications for cloud data","description":"Schrems II impacts a number of U.S.-based companies who previously relied on Privacy Shield and potentially any user of the top cloud providers in the world","robots":{"index":"index","follow":"follow","max-snippet":"max-snippet:-1","max-image-preview":"max-image-preview:large","max-video-preview":"max-video-preview:-1"},"canonical":"https:\/\/www.trulioo.com\/blog\/compliance\/dropping-the-privacy-shield","og_locale":"en_US","og_type":"article","og_title":"Dropping the Privacy Shield: implications for cloud data","og_description":"Schrems II impacts a number of U.S.-based companies who previously relied on Privacy Shield and potentially any user of the top cloud providers in the world","og_url":"https:\/\/www.trulioo.com\/blog\/compliance\/dropping-the-privacy-shield","og_site_name":"Trulioo","article_publisher":"https:\/\/www.facebook.com\/trulioo","article_published_time":"2020-10-22T13:00:30+00:00","article_modified_time":"2022-11-15T22:17:10+00:00","og_image":[{"width":900,"height":600,"url":"https:\/\/www.trulioo.com\/wp-content\/uploads\/2020\/10\/Dropping-the-Privacy-Shield.jpg","type":"image\/jpeg"}],"author":"Paul Valkama","twitter_card":"summary_large_image","twitter_creator":"@trulioo","twitter_site":"@trulioo","twitter_misc":{"Written by":"Paul Valkama","Est. reading time":"6 minutes"},"schema":{"@context":"https:\/\/schema.org","@graph":[{"@type":"Article","@id":"https:\/\/www.trulioo.com\/blog\/compliance\/dropping-the-privacy-shield#article","isPartOf":{"@id":"https:\/\/www.trulioo.com\/blog\/compliance\/dropping-the-privacy-shield"},"author":{"name":"Paul Valkama","@id":"https:\/\/www.trulioo.com\/#\/schema\/person\/4dedbd41574b6b5754919a490ed4d5ae"},"headline":"Dropping the Privacy Shield: implications for cloud data","datePublished":"2020-10-22T13:00:30+00:00","dateModified":"2022-11-15T22:17:10+00:00","mainEntityOfPage":{"@id":"https:\/\/www.trulioo.com\/blog\/compliance\/dropping-the-privacy-shield"},"wordCount":1210,"commentCount":0,"publisher":{"@id":"https:\/\/www.trulioo.com\/#organization"},"articleSection":["Compliance"],"inLanguage":"en-US","potentialAction":[{"@type":"CommentAction","name":"Comment","target":["https:\/\/www.trulioo.com\/blog\/compliance\/dropping-the-privacy-shield#respond"]}]},{"@type":"WebPage","@id":"https:\/\/www.trulioo.com\/blog\/compliance\/dropping-the-privacy-shield","url":"https:\/\/www.trulioo.com\/blog\/compliance\/dropping-the-privacy-shield","name":"Dropping the Privacy Shield: implications for cloud data","isPartOf":{"@id":"https:\/\/www.trulioo.com\/#website"},"datePublished":"2020-10-22T13:00:30+00:00","dateModified":"2022-11-15T22:17:10+00:00","description":"Schrems II impacts a number of U.S.-based companies who previously relied on Privacy Shield and potentially any user of the top cloud providers in the world","breadcrumb":{"@id":"https:\/\/www.trulioo.com\/blog\/compliance\/dropping-the-privacy-shield#breadcrumb"},"inLanguage":"en-US","potentialAction":[{"@type":"ReadAction","target":["https:\/\/www.trulioo.com\/blog\/compliance\/dropping-the-privacy-shield"]}]},{"@type":"BreadcrumbList","@id":"https:\/\/www.trulioo.com\/blog\/compliance\/dropping-the-privacy-shield#breadcrumb","itemListElement":[{"@type":"ListItem","position":1,"name":"Home","item":"https:\/\/www.trulioo.com\/"},{"@type":"ListItem","position":2,"name":"Compliance","item":"https:\/\/www.trulioo.com\/post-topics\/compliance"},{"@type":"ListItem","position":3,"name":"Dropping the Privacy Shield: implications for cloud data"}]},{"@type":"WebSite","@id":"https:\/\/www.trulioo.com\/#website","url":"https:\/\/www.trulioo.com\/","name":"Trulioo","description":"Building trust online (online identity verification services)","publisher":{"@id":"https:\/\/www.trulioo.com\/#organization"},"potentialAction":[{"@type":"SearchAction","target":{"@type":"EntryPoint","urlTemplate":"https:\/\/www.trulioo.com\/?s={search_term_string}"},"query-input":"required name=search_term_string"}],"inLanguage":"en-US"},{"@type":"Organization","@id":"https:\/\/www.trulioo.com\/#organization","name":"Trulioo","url":"https:\/\/www.trulioo.com\/","logo":{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/www.trulioo.com\/#\/schema\/logo\/image\/","url":"https:\/\/www.trulioo.com\/wp-content\/uploads\/2023\/01\/Trulioo-Wordmark-Dark-Green.png","contentUrl":"https:\/\/www.trulioo.com\/wp-content\/uploads\/2023\/01\/Trulioo-Wordmark-Dark-Green.png","width":2784,"height":1464,"caption":"Trulioo"},"image":{"@id":"https:\/\/www.trulioo.com\/#\/schema\/logo\/image\/"},"sameAs":["https:\/\/www.facebook.com\/trulioo","https:\/\/twitter.com\/trulioo","https:\/\/www.linkedin.com\/company\/trulioo","https:\/\/www.instagram.com\/trulioo_global\/"]},{"@type":"Person","@id":"https:\/\/www.trulioo.com\/#\/schema\/person\/4dedbd41574b6b5754919a490ed4d5ae","name":"Paul Valkama","image":{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/www.trulioo.com\/#\/schema\/person\/image\/","url":"https:\/\/secure.gravatar.com\/avatar\/ae0ad041b53eb878badb2c5744ad4691?s=96&d=mm&r=g","contentUrl":"https:\/\/secure.gravatar.com\/avatar\/ae0ad041b53eb878badb2c5744ad4691?s=96&d=mm&r=g","caption":"Paul Valkama"}}]}},"_links":{"self":[{"href":"https:\/\/www.trulioo.com\/wp-json\/wp\/v2\/posts\/17488"}],"collection":[{"href":"https:\/\/www.trulioo.com\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/www.trulioo.com\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/www.trulioo.com\/wp-json\/wp\/v2\/users\/8"}],"replies":[{"embeddable":true,"href":"https:\/\/www.trulioo.com\/wp-json\/wp\/v2\/comments?post=17488"}],"version-history":[{"count":0,"href":"https:\/\/www.trulioo.com\/wp-json\/wp\/v2\/posts\/17488\/revisions"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/www.trulioo.com\/wp-json\/wp\/v2\/media\/17489"}],"wp:attachment":[{"href":"https:\/\/www.trulioo.com\/wp-json\/wp\/v2\/media?parent=17488"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/www.trulioo.com\/wp-json\/wp\/v2\/categories?post=17488"},{"taxonomy":"post-types","embeddable":true,"href":"https:\/\/www.trulioo.com\/wp-json\/wp\/v2\/post-types?post=17488"},{"taxonomy":"post-topics","embeddable":true,"href":"https:\/\/www.trulioo.com\/wp-json\/wp\/v2\/post-topics?post=17488"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}