An axe age, a sword age, Privacy Shield is riven, but what might that mean for European businesses?
When an organisation's only customer interface is via Facebook or Twitter, it forces customers to agree to terms that harm their privacy in order to communicate.
That has not changed from when Privacy Shield was OK for those who preferred not to look too closely, and there is still some margin for using opt-out "Standard contractual clauses" that have not been ruled invalid, for now.
When an EU organisation uses US resources for receiving customer email or messages, it is, by default, exporting personal information to a country that is now without adequate privacy protection.
A US provider who has set up EU operations to seek GDPR compliance can therefore still not be considered safe from a privacy perspective, as the CLOUD Act considerably exacerbates the conflict between the EU and US federal view of privacy, good state efforts such as the California Consumer Privacy Act notwithstanding.
Peter Houppermans is a privacy and IT security expert.