Compare with different regulatory event:

Description

Ruling qualifying encryption as a sufficient supplementary measure for U.S.-EU data transfers

On 19 August 2021, the Council of State ruled that encryption is a valid supplementary measure to transfer data to the US when adequate technical and organizational measures are implemented. On 10 August 2021, a Dutch company had challenged the decision of the Flemish Region to grant a tender to an EU company (Viavan) that relies on the cloud services of Amazon Web Service (AWS). The company contested that such a decision violated the Schrems II decision because Viavan relies on AWS services while lacking a valid mechanism to transfer Belgian data from the EU to the US. In the ruling, the challenge against Viavan is dismissed because the plaintiff did not offer enough proof of a breach of GDPR Articles 28 (data processor not providing sufficient guarantees) and 32 (lack of technical and organisational measures for the security of processing).

Original source

Scope

Policy Area
Data governance
Policy Instrument
Data protection regulation
Regulated Economic Activity
cross-cutting
Implementation Level
national
Government Branch
judiciary
Government Body
court

Complete timeline of this policy change

Hide details
2021-08-10
under deliberation

On 10 August 2021, a Dutch company challenged the decision of the Flemish Region to grant a tender …

2021-08-19
in force

On 19 August 2021, the Council of State ruled that encryption is a valid supplementary measure to t…