• Skip to primary navigation
  • Skip to main content
S2 Grupo

Spanish Company Specialized in Cybersecurity

  • Company
    • About Us
    • Governing Bodies
    • CSR
    • Awards and Acknowledgments
  • Specialization
    • OT Industry
    • IT
    • OT Health
  • Solutions
  • R&D+I
  • Talent
  • News & Publications
  • Contact
  • facebook
  • twitter
  • instagram
  • linkedin
|
en arrow down
  • es
© 2023 S2 Grupo
Corporate

S2 Grupo urges to review contracts with cloud providers to guarantee the protection of personal data against the US

The cybersecurity company has highlighted that, after the cancellation of the so-called Privacy Shield, it is essential to check if the cloud providers of companies are on the list of companies associated with this company.
25 Aug 2020
  • If so, they need to have updated their conditions according to the decision of the CJEU to meet the requirements of the GDPR.

Valencia, August 25, 2020.- The Valencian company S2 Grupo, specialized in cybersecurity and critical systems management, has warned that after the cancellation of the so-called Privacy Shield by the Court of Justice of the European Union (CJEU), which allowed the exchange of personal data between the EU and the US, it is essential to review contracts with cloud providers to ensure the protection of the information stored or managed by companies.

The so-called "Privacy Shield" is an agreement that defined the US as a "safe" country for the personal data of EU citizens and allowed to speed up international transfers between European and North American countries. Last July, this agreement was invalidated by the CJEU after the complaint of an Austrian individual, who was against the fact that the information he had on the social network Facebook was transferred from the servers of the company's division in Ireland to those that this same company has in the US.

The complaint submitted argued that, unlike EU data protection regulations, US regulations did not provide the same protection against government surveillance.

 “This decision results from a situation that different EU institutions have repeatedly denounced. Due to the preponderance of North American technology giants, and the lack of a common strategy from the EU, control and governance over data has been lost. The EU is not in a position to fight against the US technological leadership in cloud and data storage. Although in order to try to comply with the GDPR, these technological giants have placed large data banks on European soil, the reality is that in the end the flow of information ends up on servers located in the US”, explained José Rosell, managing partner of S2 Grupo.

"Given this decision, we are entering a period of uncertainty that envisages three types of solutions that include a new negotiation between the EU and the US to define a new agreement to replace the Privacy Shield, adapt US regulations with controls more in line with the GDPR or changes in the controls of EU organizations (private and public) to continue to maintain transfers to the US without breaching the GDPR”, said Miguel A. Juan, managing partner of S2 Grupo.

Risks in private and public organizations, after the cancellation of the "privacy shield"

The cybersecurity company has highlighted that the main risks of this decision of the CJEU in both public and private organizations are:

  1. Data storage providers (located in the US or clouds where we cannot guarantee where they store the data). Normally this relationship is regulated through adhesion contracts (general clauses) on the providers' websites. Therefore, it is necessary to review these conditions and request an update from the supplier.
  2. Informative clauses / consent of the owners of the data. Where we previously informed but did not request consent that the data could be stored in the US, considering that it was either a processing order or an international transfer to a safe country, the new situation could mean reviewing and updating such consents.
  3. Processing Records. Where previously “international transfers to countries with an adequate level of protection” were recorded, this record must now be updated.

Faced with this situation and to regulate the situation after the ruling, S2 Grupo urges companies to check if their cloud providers are on the list of companies associated with the Privacy Shield and, if so, verify the conditions of the agreement to ensure that they have been properly updated. In addition, it is important to review and update the Processing Records, contracts, privacy policies and information clauses.

More information: 

prensa@s2grupo.es

  • fb
  • tw
  • in
Related Articles
Show all →
Corporate
Almost half of cyberattacks to Spanish industries can be perpetrated by hackers with low knowledge.
Read more →
Corporate
The Joint Cyber Defense Command will lead the national team that will participate in the cyber-exercise “Locked Shields 18”
Read more →
Corporate
S2 Grupo implements more than 150 good practices to improve society
Read more →

Follow us in our newsletter

Subscribe through your email to stay up to date

S2 Grupo
© 2023 S2 Grupo
  • Press Center
  • Legal Disclaimer
  • Privacy Policy
  • Cookie policy
S2 Grupo utiliza cookies propias y de terceros para permitir tu navegación, fines analíticos y para mostrarte publicidad personalizada en base a un perfil elaborado a partir de tus hábitos de navegación (por ejemplo, páginas visitadas). Clica aquí para acceder a nuestra Política de Cookies. Puedes aceptar todas las cookies pulsando el botón “ACEPTAR” o configurar o rechazar su uso pulsando el Botón “CONFIGURAR”
ConfigurarAceptar cookies
Manage consent

Resumen de Privacidad

Este sitio web utiliza cookies para mejorar su experiencia mientras navega por el sitio web. De estas, las cookies que se clasifican como necesarias se almacenan en su navegador, ya que son esenciales para el funcionamiento de las funcionalidades básicas del sitio web. También utilizamos cookies de terceros que nos ayudan a analizar y comprender cómo utiliza este sitio web. Estas cookies se almacenarán en su navegador solo con su consentimiento. También tiene la opción de optar por no recibir estas cookies. Pero la exclusión voluntaria de algunas de estas cookies puede afectar su experiencia de navegación.
Functional
Functional cookies help to perform certain functionalities like sharing the content of the website on social media platforms, collect feedbacks, and other third-party features.
CookieDurationDescription
pll_language1 yearThe pll _language cookie is used by Polylang to remember the language selected by the user when returning to the website, and also to get the language information when not available in another way.
Analytics
Analytical cookies are used to understand how visitors interact with the website. These cookies help provide information on metrics the number of visitors, bounce rate, traffic source, etc.
Necessary
Necessary cookies are absolutely essential for the website to function properly. These cookies ensure basic functionalities and security features of the website, anonymously.
CookieDurationDescription
_GRECAPTCHA6 monthsThis cookie is set by the Google recaptcha service to identify bots to protect the website against malicious spam attacks.
cookielawinfo-checkbox-analytics1 yearSet by the GDPR Cookie Consent plugin, this cookie is used to record the user consent for the cookies in the "Analytics" category .
cookielawinfo-checkbox-functional1 yearThe cookie is set by the GDPR Cookie Consent plugin to record the user consent for the cookies in the category "Functional".
cookielawinfo-checkbox-necesaria1 yearSet by the GDPR Cookie Consent plugin to store the user consent for cookies in the category "Necessary".
CookieLawInfoConsent1 yearRecords the default button state of the corresponding category & the status of CCPA. It works only in coordination with the primary cookie.
SAVE & ACCEPT
Powered by CookieYes Logo