After the Dutch National Cyber Security Centre published the Greenberg Traurig analysis of data transfers and the US CLOUD Act (, we at Castlebridge HQ realized we needed to provide some practical guidance of our own on the state of hashtag#data hashtag#transfers, particularly to the hashtag#US. This is an abridged version of what we shared with our clients today, but much of this will be relevant to any organisation facing the question of how to navigate in a hashtag#privacyabsolutist world.
At some point though, a thought came to me -- what does a good tech stack look like? What kind of benchmark or best practice should I advise clients on? How can data controllers do things in a privacy-preserving way? And so I asked Noyb, CNIL and the Austrian DSB if they would, in the interests of transparency, share their tech stacks and best practice. It didn't go well.