Member Since: 20th Apr 2020
Founder and CEO of CrisisTeam.co.uk (SiliconANGLE global Startup of the Week – May 2019), an elite team of experts in incident response, cyber law, reputation management and social influence that help clients minimize the impact of cyber incidents. Previous cloud strategist at UKCloud (the UK’s leading govtech player) and on the global leadership of team for IBM Financial Services Sector (the world’s largest fintech player).
Profiled as the top global influencer for privacy and digital ethics, he helped lead the crowdfunding to launch None of Your Business (an NGO for pan-European privacy enforcement which brought the main cases against Facebook and others on day 1 of GDPR) and he appears almost weekly on TV/Radio (BBC, RT, etc.) as an expert on digital ethics, data privacy, social media regulation and digital transformation.
Was recently listed as one of the global top 100 cloud influencers (second highest in Europe – https://buff.ly/36XURyV), and is ranked in the global top 10 for smart cities, govtech and other digital transformation themes. Bill Mew is a cloud analyst that focuses on related technology use cases from facial recognition and govtech to smart cities and he is also a judge on the UK Cloud Awards.
CEO and founder Crisis Team
4th Nov 2020
I am sorry, but this is no longer the case. Use of SCCs was restricted under the Privacy Shield ruling. The US tech giants won't tell you this
The ruling can not be avoided ... Facebook says it may quit Europe over ban on sharing data with US https://buff.ly/3kzzT0o
ALL other US tech giants are in the same boat
4th Nov 2020
At the time that the General Data Protection Regulation became applicable, the third countries which ensure an adequate level of protection were: Andorra, Argentina, Canada (only commercial organizations), Faroe Islands, Guernsey, Israel, Isle of Man, Jersey, New Zealand, Switzerland, Uruguay and Japan.
Note that the US does NOT appear on the list.
4th Nov 2020
In an earlier reply in this thread I mention, how DropBox and all other services from US tech firms can no longer be used for storing or processing the personal data of EU or UK citizens.
Encryption can be used to provide adequate protection to data thus enabling you to use such services as long as you hold the encryption keys and not the US service provider and as long as the encryption is sufficiently robust to prevent the NSA from accessing the personal information if it is headed over to them.
4th Nov 2020
The Privacy Shield ruling means that you actually need to be careful which operator you use. Almost all US tech firms are subject to FISA 702. And as I explain in my article "Europe rebukes US for mass surveillance" https://buff.ly/3jsNw23, this applies to almost all US tech firms (telcos, cloud firms and social media giants) irrespective of whether the data is stored on their servers in the EU or their servers in the US.
As the article explains “Given that FISA warrants can be served on any US-based ‘electronic communication service providers’, US-based telcos, cloud firms or social media platforms are therefore unable to assure the protection of private data from mass surveillance. In other words, at any time the NSA could demand that any of these operators hand over the data, which means that the data isn’t safe so we cannot use such services (for storing or processing the personal data of EU or UK citizens).
The article also explains that “Indeed, given the extra-territorial provisions in the CLOUD Act, they likely don’t have a legal basis for storing your data in the EU either.” In other words, it does not matter if these firms are storing and processing the data on their servers in the US or their servers in the EU, if they have access to the data then they have to hand it to the NSA so the same problem applies and we cannot use them.
Basically, it doesn’t matter if the data in your words ‘defaults to the US’ or not, you need to avoid using DropBox or Google or Amazon or any other US tech firm for storing or processing the personal data of EU or UK citizens.