More and more emphasis is landing on encryption as a technical measure for complying with privacy laws like GDPR within the limits set by Schrems II, the 2020 Court of Justice of the European Union ruling that invalidated the EU-U.S. Privacy Shield and makes it difficult for U.S. companies to receive and hold EU personal data.
But there's a lot of confusion floating around about what encryption patterns are actually Schrems II compliant — and most aren't. In a Forbes article, The Rise of Encryption in a Schrems II World, I outline two encryption approaches that do satisfy the Schrems II requirements.
The Goal of Encryption
If you choose encryption as a technical measure for Schrems II, you have to ensure that access to EU citizens' data is gated by a due process that meets EU privacy standards. One way to achieve this is to hold the keys such that U.S. government agencies must work through their EU counterparts, under EU legal process, to get access to EU citizens' data, rather than obtaining it directly from the U.S. company. There are two encryption patterns that, when done right, accomplish this.