Privacat InsightsDo you hate your Data Protection Officer? Do you want to make them rage quit and throw their computer out the window before moving to a tropical island far, far away from the internet? Well, then, tell them you’re using ChatGPT to analyze client records. I guarantee you, in less than 10 seconds, they will look like the AI-generated image above.
After the Dutch National Cyber Security Centre published the Greenberg Traurig analysis of data transfers and the US CLOUD Act (https://lnkd.in/gmcvtCsP), we at Castlebridge HQ realized we needed to provide some practical guidance of our own on the state of hashtag#data hashtag#transfers, particularly to the hashtag#US.
This is an abridged version of what we shared with our clients today, but much of this will be relevant to any organisation facing the question of how to navigate in a hashtag#privacyabsolutist world.
Data transfers to third (or restricted) countries are a bit of a mess right now, and this has been made all the more messy by the UK trying to ‘get Brexit done’ by replacing EU laws and agreements with Brexity ones.
After puzzling over the question of what contract UK and EU exporters should be relying on, I decided to actually put it out on a whiteboard and share it with you. I hope this helps. Also, sorry.
Nothing focuses my rage more like a company trying to extort data subjects. Here’s how we can get back at this new wave of data vampires.
At some point though, a thought came to me — what does a good tech stack look like? What kind of benchmark or best practice should I advise clients on? How can data controllers do things in a privacy-preserving way? And so I asked Noyb, CNIL and the Austrian DSB if they would, in the interests of transparency, share their tech stacks and best practice.
It didn’t go well.
I recently wrote a bit for the folks at Castlebridge, discussing the Department of Commerce’s recent whitepaper of the US’ privacy policies in the post-Schrems world. You can read it here: https://castlebridge.ie/2020/10/05/the-department-of-commerces-rosy-view-of-privacy-doesnt-match-reality/
Since data breaches must generally be reported, there’s been an explosive rise in the number of notices issued to regulators. But does it matter?
Do SAs care about data breaches? I’m pouring over the data, and it doesn’t look great. Read about it here.
The European Court of Justice issued their ruling on the #SchremsII case. And I have lots of questions!