on the crypto
In July, the Court of Justice of the European Union (CJEU) signed a key data sharing agreement between the United States and the European Union, with possible implications for U.S. blockchain companies serving EU customers. .
Privacy Shield
The 2016 agreement, known as the Privacy Shield, allows American companies to self-certify compliance with data privacy laws, such as the General Data Protection Act (GDPR). The GDPR offers end users greater control over the data held by companies like Google and Facebook.
Steven Blickensderfer, a technology and privacy attorney at Carlton Fields, said the decision significantly alters the way companies can process data and impact not only on the U.S., but also on other countries such as China and Russia.
Companies that manage a European's personal data should only share that data with institutions from countries with similar laws. The United States lacks strong federal privacy legislation and has a long history of security agencies such as the National Security Agency, which secretly monitors large swaths of personal data under legally doubtful justifications.
The next steps for companies
Over 5.000 U.S. companies have been certified under the Privacy Protection Agreement, including Facebook, Twitter, Amazon and Google, which means they may now have to extend measures to protect EU customer data and comply to the GDPR.
This is a challenge especially for small businesses, said Blickensderfer, considering the measures needed to take into account the data and the number of third parties involved.
An alternative is to make sure that users provide informed consent, so their data is processed in the United States and personal data can be used for commercial purposes. But, Blickensderfer said, it is doubtful whether the existing terms of service are compatible.
Another option is to review the standard contract writing, making more explicit how, for example, the U.S. government can access data.
The new privacy technology
Companies that use privacy-oriented technology and include features such as end-to-end encryption may face a simpler period of respecting the new reality, according to Blickensderfer.
"Decentralized technology and tools such as blockchain can help establish sufficient protections - or" additional measures ", if we want to use the words of the Court - to ensure the adequacy of the protections necessary to meet the GDPR," he said.
At the same time, GDPR compliance poses a challenge for these technologies because of the seemingly inevitable conflict between immutability on the one hand and the right to be forgotten or limited in processing on the other.
In addition, end-to-end encryption prevents state surveillance equipment from forcing companies to access and share such data with them. In addition, decentralized technology does not have a centralized control point, which means that there are very few ways to force access to all information on the network or protocol.
