{"id":14350,"date":"2020-10-15T06:00:38","date_gmt":"2020-10-15T13:00:38","guid":{"rendered":"https:\/\/www.privateinternetaccess.com\/blog\/?p=14350"},"modified":"2020-10-14T15:30:10","modified_gmt":"2020-10-14T22:30:10","slug":"french-data-protection-authority-says-it-cant-trust-top-us-internet-companies-with-eu-personal-data-even-if-they-keep-it-in-the-eu","status":"publish","type":"post","link":"https:\/\/www.privateinternetaccess.com\/blog\/french-data-protection-authority-says-it-cant-trust-top-us-internet-companies-with-eu-personal-data-even-if-they-keep-it-in-the-eu\/","title":{"rendered":"French data protection authority says it can&#8217;t trust top US Internet companies with EU personal data &#8211; even if they keep it in the EU"},"content":{"rendered":"<p>Last month, this blog looked at <a href=\"https:\/\/www.privateinternetaccess.com\/blog\/latest-developments-in-the-long-running-and-crucial-schrems-vs-facebook-gdpr-privacy-battle\/\">the continuing repercussions<\/a> of the decision by the EU\u2019s top court, the Court of Justice of the European Union (CJEU), to <a href=\"https:\/\/www.privateinternetaccess.com\/blog\/top-eu-court-sinks-main-framework-for-sending-personal-data-across-the-atlantic\/\">strike down the Privacy Shield framework<\/a> that legalizes most flows of personal information from the EU to the US. The privacy activist who brought the original case against Facebook some seven years ago, <a href=\"https:\/\/www.privateinternetaccess.com\/blog\/?s=schrems\">Max Schrems<\/a>, is still fighting to get the Irish Data Protection Commission (DPC) to investigate whether Facebook complies with the EU\u2019s General Data Protection Regulation (<a href=\"https:\/\/www.privateinternetaccess.com\/blog\/?s=gdpr\">GDPR<\/a>).  As Privacy News Online wrote, instead of responding to Schrems\u2019s original complaint, the DPC has opened up a second investigation \u2013 one, moreover, that is largely irrelevant, for reasons explained last month.  Schrems\u2019 organization noyb.eu has now taken further legal action against the DPC, and has been granted <a href=\"https:\/\/noyb.eu\/en\/irish-high-court-allows-judicial-review-stop-facebook-eu-us-transfers\">a judicial review into the DPC\u2019s actions<\/a> by the Irish High Court.  Schrems hopes the hearing will take place by the end of the year, and says: \u201cThe DPC has already pledged to the Court in 2015 that it will swiftly decide. It seems like we need a clear judgment to force the DPC to do its job.\u201d<\/p>\n<p>A \u201cclear judgment\u201d could make it much harder for not just Facebook, but many other major US Internet companies to transfer personal data from the EU to the US.  But even without that judgment, the CJEU\u2019s decision to strike down the Privacy Shield framework has already led to a major development in France.  Back in December 2019, the French government announced <a href=\"https:\/\/www.dataguidance.com\/news\/france-ministers-issue-order-creating-health-data-hub\">the creation of a Health Data Hub<\/a>, which would consolidate many separate holdings of French citizens\u2019 personal health data in a single, massive database.  The hope is that such a hub will allow research into diseases, their cures and treatments, to proceed more efficiently.  <\/p>\n<p>Creating a massive database of this sensitive data raises important privacy issues.  Things were not helped when the French government announced that it was giving the contract to run the database to Microsoft, rather than to a local company.  When the CJEU invalidated the Privacy Shield framework, 18 French organizations, including a group representing the French open source community, CNLL, called for the transfer to the US of French health data held by Microsoft <a href=\"https:\/\/cnll.fr\/news\/health-data-hub-schrems-ii\/\">to be halted<\/a>.  Initially, the French authorities refused to consider the idea.  But the 18 organizations made <a href=\"https:\/\/cnll.fr\/news\/health-data-hub-transfert-illegal-donnees-sante\/\">another attempt<\/a>, this time with more success.  Because of the seriousness of the matter, France\u2019s national data protection authority, <a href=\"https:\/\/www.cnil.fr\/en\/home\">CNIL<\/a>, produced a report exploring the legal and technical issues of using US companies to store French personal data (<a href=\"https:\/\/cnll.fr\/documents\/35\/OBSERVATIONS_DE_LA_CNIL_8_OCTOBRE_2020.pdf\">original document in French<\/a>).<\/p>\n<p>It pointed out that initially, Microsoft\u2019s transfers from France to the US were authorized by the Privacy Shield agreement.  However, after the most recent CJEU decision, that is no longer the case.  As <a href=\"https:\/\/www.privateinternetaccess.com\/blog\/top-eu-court-sinks-main-framework-for-sending-personal-data-across-the-atlantic\/\">a previous blog post explained<\/a>, even though there is an alternative to Privacy Shield transfers, in the form of standard contractual clauses (SCCs), there is still a requirement that it must be clear the personal data of EU citizens will be protected in the US.  For major companies like Facebook and Microsoft, that\u2019s not the case.  They are both subect to Section 703 of the FISA Amendments Act, which allows the collection of foreign intelligence from non-Americans located outside the US.  In the view of the CNIL, this means that there is no legal way for Microsoft to transfer French health data to the US.<\/p>\n<p>That in itself is not a surprising conclusion: most privacy experts agree.  But the CNIL document goes even further.  It believes that the reach of FISA is so great that even if Microsoft kept all French health data within the EU, it could still be required by the US government to send it across the Atlantic.  As a result, the CNIL came to a ground-breaking conclusion: that the Health Data Hub should not be run by Microsoft \u2013 or by any other US company.  It has recommended that the French government finds another solution from an EU company.  It recognizes that shifting from Microsoft to a new EU outfit is not a trivial operation, and therefore suggests that the data should remain with Microsoft for a little while longer, despite the privacy risks.  It justifies this on the basis that a rushed migration could cause more harm to French citizens than the risk of US government surveillance.  The French government\u2019s legal advisor, the <a href=\"https:\/\/en.wikipedia.org\/wiki\/Conseil_d'%C3%89tat_(France)\">Conseil d\u2019\u00c9tat<\/a>, has <a href=\"https:\/\/www.conseil-etat.fr\/actualites\/health-data-hub-et-protection-de-donnees-personnelles-des-precautions-doivent-etre-prises-dans-l-attente-d-une-solution-perenne\">a similar view<\/a>.<\/p>\n<p>CNIL points out that its conclusions apply not only to Microsoft hosting the Health Data Hub, but also to all the other kinds of French health data held on systems run by US companies.  By implication, then, it suggests that all of these should be transferred to EU hosting companies.  By further extension, the conclusions would apply to any kind of EU personal data.  For companies like Facebook, it is clearly going to be harder transferring their data to local EU companies, than it will be for the Health Data Hub.  But CNIL has come up with an interesting solution that may well prove to be the way forward.  It suggests creating a kind of partnership with an EU business that has a license to access to all of a US company\u2019s EU data \u2013 for example, Facebook\u2019s \u2013 and is able to use it to provide a similar service in the EU.  It\u2019s a complicated approach, and one that companies like Facebook will doubtless hate.  But if other EU countries follow France\u2019s lead here, US Internet giants may not have much choice.<\/p>\n<p>Featured image by <a href=\"https:\/\/en.wikipedia.org\/wiki\/File:La_Grande_Arche_de_la_D%C3%A9fense_and_the_Yaacov_Agam_Fountain_(1977).jpg\">Coldcreation<\/a>.<\/p>\n","protected":false},"excerpt":{"rendered":"<p>Last month, this blog looked at the continuing repercussions of the decision by the EU\u2019s top court, the Court of Justice of the European Union (CJEU), to strike down the Privacy Shield framework that legalizes most flows of personal information from the EU to the US. The privacy activist who brought the original case against &hellip; <a href=\"https:\/\/www.privateinternetaccess.com\/blog\/french-data-protection-authority-says-it-cant-trust-top-us-internet-companies-with-eu-personal-data-even-if-they-keep-it-in-the-eu\/\" class=\"more-link\">Continue reading<span class=\"screen-reader-text\"> &#8220;French data protection authority says it can&#8217;t trust top US Internet companies with EU personal data &#8211; even if they keep it in the EU&#8221;<\/span><\/a><\/p>\n","protected":false},"author":20,"featured_media":14355,"comment_status":"open","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"_stopmodifiedupdate":true,"_modified_date":"","footnotes":""},"categories":[12,1001,1,130,1941],"tags":[544,223,1990,104,365,128,495,681,178,612],"class_list":["post-14350","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-security","category-encryption","category-news","category-governments","category-surveillance","tag-cjeu","tag-cnil","tag-dpc","tag-facebook","tag-fisa","tag-france","tag-healthcare","tag-max-schrems","tag-microsoft","tag-privacy-shield"],"yoast_head":"<!-- This site is optimized with the Yoast SEO Premium plugin v26.9 (Yoast SEO v26.9) - https:\/\/yoast.com\/product\/yoast-seo-premium-wordpress\/ -->\n<title>French data protection authority says it can&#039;t trust top US Internet companies with EU personal data - even if they keep it in the EU<\/title>\n<meta name=\"description\" content=\"Last month, this blog looked at the continuing repercussions of the decision by the EU&#039;s top court, the Court of Justice of the European Union (CJEU), to Continuing repercussions of CJEU decision to strike down Privacy Shield\" \/>\n<meta name=\"robots\" content=\"index, follow, max-snippet:-1, max-image-preview:large, max-video-preview:-1\" \/>\n<link rel=\"canonical\" href=\"https:\/\/www.privateinternetaccess.com\/blog\/french-data-protection-authority-says-it-cant-trust-top-us-internet-companies-with-eu-personal-data-even-if-they-keep-it-in-the-eu\/\" \/>\n<meta property=\"og:locale\" content=\"en_US\" \/>\n<meta property=\"og:type\" content=\"article\" \/>\n<meta property=\"og:title\" content=\"French data protection authority says it can&#039;t trust top US Internet companies with EU personal data - even if they keep it in the EU\" \/>\n<meta property=\"og:description\" content=\"Last month, this blog looked at the continuing repercussions of the decision by the EU&#039;s top court, the Court of Justice of the European Union (CJEU), to Continuing repercussions of CJEU decision to strike down Privacy Shield\" \/>\n<meta property=\"og:url\" content=\"https:\/\/www.privateinternetaccess.com\/blog\/french-data-protection-authority-says-it-cant-trust-top-us-internet-companies-with-eu-personal-data-even-if-they-keep-it-in-the-eu\/\" \/>\n<meta property=\"og:site_name\" content=\"PIA\" \/>\n<meta property=\"article:publisher\" content=\"https:\/\/www.facebook.com\/privateinternetaccess\/\" \/>\n<meta property=\"article:published_time\" content=\"2020-10-15T13:00:38+00:00\" \/>\n<meta property=\"og:image\" content=\"https:\/\/www.privateinternetaccess.com\/blog\/wp-content\/uploads\/2020\/10\/La_Grande_Arche_de_la_Defense_and_the_Yaacov_Agam_Fountain_1977.jpg\" \/>\n\t<meta property=\"og:image:width\" content=\"1280\" \/>\n\t<meta property=\"og:image:height\" content=\"721\" \/>\n\t<meta property=\"og:image:type\" content=\"image\/jpeg\" \/>\n<meta name=\"author\" content=\"Glyn Moody\" \/>\n<meta name=\"twitter:card\" content=\"summary_large_image\" \/>\n<meta name=\"twitter:creator\" content=\"@http:\/\/twitter.com\/glynmoody\" \/>\n<meta name=\"twitter:site\" content=\"@buyvpnservice\" \/>\n<meta name=\"twitter:label1\" content=\"Written by\" \/>\n\t<meta name=\"twitter:data1\" content=\"Glyn Moody\" \/>\n\t<meta name=\"twitter:label2\" content=\"Est. reading time\" \/>\n\t<meta name=\"twitter:data2\" content=\"5 minutes\" \/>\n<script type=\"application\/ld+json\" class=\"yoast-schema-graph\">{\"@context\":\"https:\/\/schema.org\",\"@graph\":[{\"@type\":\"Article\",\"@id\":\"https:\/\/www.privateinternetaccess.com\/blog\/french-data-protection-authority-says-it-cant-trust-top-us-internet-companies-with-eu-personal-data-even-if-they-keep-it-in-the-eu\/#article\",\"isPartOf\":{\"@id\":\"https:\/\/www.privateinternetaccess.com\/blog\/french-data-protection-authority-says-it-cant-trust-top-us-internet-companies-with-eu-personal-data-even-if-they-keep-it-in-the-eu\/\"},\"author\":{\"name\":\"Glyn Moody\",\"@id\":\"https:\/\/www.privateinternetaccess.com\/blog\/#\/schema\/person\/99ba810662cdf92245f61106c0c29775\"},\"headline\":\"French data protection authority says it can&#8217;t trust top US Internet companies with EU personal data &#8211; even if they keep it in the EU\",\"datePublished\":\"2020-10-15T13:00:38+00:00\",\"mainEntityOfPage\":{\"@id\":\"https:\/\/www.privateinternetaccess.com\/blog\/french-data-protection-authority-says-it-cant-trust-top-us-internet-companies-with-eu-personal-data-even-if-they-keep-it-in-the-eu\/\"},\"wordCount\":942,\"commentCount\":0,\"publisher\":{\"@id\":\"https:\/\/www.privateinternetaccess.com\/blog\/#organization\"},\"image\":{\"@id\":\"https:\/\/www.privateinternetaccess.com\/blog\/french-data-protection-authority-says-it-cant-trust-top-us-internet-companies-with-eu-personal-data-even-if-they-keep-it-in-the-eu\/#primaryimage\"},\"thumbnailUrl\":\"https:\/\/www.privateinternetaccess.com\/blog\/wp-content\/uploads\/2020\/10\/La_Grande_Arche_de_la_Defense_and_the_Yaacov_Agam_Fountain_1977.jpg\",\"keywords\":[\"cjeu\",\"cnil\",\"dpc\",\"Facebook\",\"fisa\",\"france\",\"healthcare\",\"max schrems\",\"microsoft\",\"Privacy Shield\"],\"articleSection\":[\"Cybersecurity\",\"Encryption\",\"General Privacy News\",\"Governments\",\"Surveillance\"],\"inLanguage\":\"en-US\",\"potentialAction\":[{\"@type\":\"CommentAction\",\"name\":\"Comment\",\"target\":[\"https:\/\/www.privateinternetaccess.com\/blog\/french-data-protection-authority-says-it-cant-trust-top-us-internet-companies-with-eu-personal-data-even-if-they-keep-it-in-the-eu\/#respond\"]}]},{\"@type\":\"WebPage\",\"@id\":\"https:\/\/www.privateinternetaccess.com\/blog\/french-data-protection-authority-says-it-cant-trust-top-us-internet-companies-with-eu-personal-data-even-if-they-keep-it-in-the-eu\/\",\"url\":\"https:\/\/www.privateinternetaccess.com\/blog\/french-data-protection-authority-says-it-cant-trust-top-us-internet-companies-with-eu-personal-data-even-if-they-keep-it-in-the-eu\/\",\"name\":\"French data protection authority says it can't trust top US Internet companies with EU personal data - even if they keep it in the EU\",\"isPartOf\":{\"@id\":\"https:\/\/www.privateinternetaccess.com\/blog\/#website\"},\"primaryImageOfPage\":{\"@id\":\"https:\/\/www.privateinternetaccess.com\/blog\/french-data-protection-authority-says-it-cant-trust-top-us-internet-companies-with-eu-personal-data-even-if-they-keep-it-in-the-eu\/#primaryimage\"},\"image\":{\"@id\":\"https:\/\/www.privateinternetaccess.com\/blog\/french-data-protection-authority-says-it-cant-trust-top-us-internet-companies-with-eu-personal-data-even-if-they-keep-it-in-the-eu\/#primaryimage\"},\"thumbnailUrl\":\"https:\/\/www.privateinternetaccess.com\/blog\/wp-content\/uploads\/2020\/10\/La_Grande_Arche_de_la_Defense_and_the_Yaacov_Agam_Fountain_1977.jpg\",\"datePublished\":\"2020-10-15T13:00:38+00:00\",\"description\":\"Last month, this blog looked at the continuing repercussions of the decision by the EU's top court, the Court of Justice of the European Union (CJEU), to Continuing repercussions of CJEU decision to strike down Privacy Shield\",\"breadcrumb\":{\"@id\":\"https:\/\/www.privateinternetaccess.com\/blog\/french-data-protection-authority-says-it-cant-trust-top-us-internet-companies-with-eu-personal-data-even-if-they-keep-it-in-the-eu\/#breadcrumb\"},\"inLanguage\":\"en-US\",\"potentialAction\":[{\"@type\":\"ReadAction\",\"target\":[\"https:\/\/www.privateinternetaccess.com\/blog\/french-data-protection-authority-says-it-cant-trust-top-us-internet-companies-with-eu-personal-data-even-if-they-keep-it-in-the-eu\/\"]}]},{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\/\/www.privateinternetaccess.com\/blog\/french-data-protection-authority-says-it-cant-trust-top-us-internet-companies-with-eu-personal-data-even-if-they-keep-it-in-the-eu\/#primaryimage\",\"url\":\"https:\/\/www.privateinternetaccess.com\/blog\/wp-content\/uploads\/2020\/10\/La_Grande_Arche_de_la_Defense_and_the_Yaacov_Agam_Fountain_1977.jpg\",\"contentUrl\":\"https:\/\/www.privateinternetaccess.com\/blog\/wp-content\/uploads\/2020\/10\/La_Grande_Arche_de_la_Defense_and_the_Yaacov_Agam_Fountain_1977.jpg\",\"width\":1280,\"height\":721},{\"@type\":\"BreadcrumbList\",\"@id\":\"https:\/\/www.privateinternetaccess.com\/blog\/french-data-protection-authority-says-it-cant-trust-top-us-internet-companies-with-eu-personal-data-even-if-they-keep-it-in-the-eu\/#breadcrumb\",\"itemListElement\":[{\"@type\":\"ListItem\",\"position\":1,\"name\":\"Home\",\"item\":\"https:\/\/www.privateinternetaccess.com\/blog\/\"},{\"@type\":\"ListItem\",\"position\":2,\"name\":\"French data protection authority says it can&#8217;t trust top US Internet companies with EU personal data &#8211; even if they keep it in the EU\"}]},{\"@type\":\"WebSite\",\"@id\":\"https:\/\/www.privateinternetaccess.com\/blog\/#website\",\"url\":\"https:\/\/www.privateinternetaccess.com\/blog\/\",\"name\":\"PIA\",\"description\":\"Online privacy news from around the world.\",\"publisher\":{\"@id\":\"https:\/\/www.privateinternetaccess.com\/blog\/#organization\"},\"potentialAction\":[{\"@type\":\"SearchAction\",\"target\":{\"@type\":\"EntryPoint\",\"urlTemplate\":\"https:\/\/www.privateinternetaccess.com\/blog\/?s={search_term_string}\"},\"query-input\":{\"@type\":\"PropertyValueSpecification\",\"valueRequired\":true,\"valueName\":\"search_term_string\"}}],\"inLanguage\":\"en-US\"},{\"@type\":\"Organization\",\"@id\":\"https:\/\/www.privateinternetaccess.com\/blog\/#organization\",\"name\":\"Private Internet Access\",\"url\":\"https:\/\/www.privateinternetaccess.com\/blog\/\",\"logo\":{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\/\/www.privateinternetaccess.com\/blog\/#\/schema\/logo\/image\/\",\"url\":\"https:\/\/www.privateinternetaccess.com\/blog\/wp-content\/uploads\/2018\/07\/pialogowhitekglogo.png\",\"contentUrl\":\"https:\/\/www.privateinternetaccess.com\/blog\/wp-content\/uploads\/2018\/07\/pialogowhitekglogo.png\",\"width\":1200,\"height\":1200,\"caption\":\"Private Internet Access\"},\"image\":{\"@id\":\"https:\/\/www.privateinternetaccess.com\/blog\/#\/schema\/logo\/image\/\"},\"sameAs\":[\"https:\/\/www.facebook.com\/privateinternetaccess\/\",\"https:\/\/x.com\/buyvpnservice\",\"https:\/\/www.instagram.com\/piavpn\/\",\"https:\/\/www.youtube.com\/channel\/UClyJZ47Rizb1xnwuKXDI0_w\"]},{\"@type\":\"Person\",\"@id\":\"https:\/\/www.privateinternetaccess.com\/blog\/#\/schema\/person\/99ba810662cdf92245f61106c0c29775\",\"name\":\"Glyn Moody\",\"image\":{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\/\/www.privateinternetaccess.com\/blog\/#\/schema\/person\/image\/\",\"url\":\"https:\/\/secure.gravatar.com\/avatar\/220b7317aa40ea679b23b79c368761eb6fd45039d978354b06dc7683a812d2fc?s=96&d=mm&r=g\",\"contentUrl\":\"https:\/\/secure.gravatar.com\/avatar\/220b7317aa40ea679b23b79c368761eb6fd45039d978354b06dc7683a812d2fc?s=96&d=mm&r=g\",\"caption\":\"Glyn Moody\"},\"description\":\"Glyn Moody is a freelance journalist who writes and speaks about privacy, surveillance, digital rights, open source, copyright, patents and general policy issues involving digital technology. He started covering the business use of the Internet in 1994, and wrote the first mainstream feature about Linux, which appeared in Wired in August 1997. His book, \\\"Rebel Code,\\\" is the first and only detailed history of the rise of open source, while his subsequent work, \\\"The Digital Code of Life,\\\" explores bioinformatics - the intersection of computing with genomics.\",\"sameAs\":[\"http:\/\/opendotdotdot.blogspot.com\/\",\"https:\/\/www.linkedin.com\/in\/glynmoody\/\",\"https:\/\/x.com\/http:\/\/twitter.com\/glynmoody\"],\"url\":\"https:\/\/www.privateinternetaccess.com\/blog\/author\/glynmoody\/\"}]}<\/script>\n<!-- \/ Yoast SEO Premium plugin. -->","yoast_head_json":{"title":"French data protection authority says it can't trust top US Internet companies with EU personal data - even if they keep it in the EU","description":"Last month, this blog looked at the continuing repercussions of the decision by the EU's top court, the Court of Justice of the European Union (CJEU), to Continuing repercussions of CJEU decision to strike down Privacy Shield","robots":{"index":"index","follow":"follow","max-snippet":"max-snippet:-1","max-image-preview":"max-image-preview:large","max-video-preview":"max-video-preview:-1"},"canonical":"https:\/\/www.privateinternetaccess.com\/blog\/french-data-protection-authority-says-it-cant-trust-top-us-internet-companies-with-eu-personal-data-even-if-they-keep-it-in-the-eu\/","og_locale":"en_US","og_type":"article","og_title":"French data protection authority says it can't trust top US Internet companies with EU personal data - even if they keep it in the EU","og_description":"Last month, this blog looked at the continuing repercussions of the decision by the EU's top court, the Court of Justice of the European Union (CJEU), to Continuing repercussions of CJEU decision to strike down Privacy Shield","og_url":"https:\/\/www.privateinternetaccess.com\/blog\/french-data-protection-authority-says-it-cant-trust-top-us-internet-companies-with-eu-personal-data-even-if-they-keep-it-in-the-eu\/","og_site_name":"PIA","article_publisher":"https:\/\/www.facebook.com\/privateinternetaccess\/","article_published_time":"2020-10-15T13:00:38+00:00","og_image":[{"width":1280,"height":721,"url":"https:\/\/www.privateinternetaccess.com\/blog\/wp-content\/uploads\/2020\/10\/La_Grande_Arche_de_la_Defense_and_the_Yaacov_Agam_Fountain_1977.jpg","type":"image\/jpeg"}],"author":"Glyn Moody","twitter_card":"summary_large_image","twitter_creator":"@http:\/\/twitter.com\/glynmoody","twitter_site":"@buyvpnservice","twitter_misc":{"Written by":"Glyn Moody","Est. reading time":"5 minutes"},"schema":{"@context":"https:\/\/schema.org","@graph":[{"@type":"Article","@id":"https:\/\/www.privateinternetaccess.com\/blog\/french-data-protection-authority-says-it-cant-trust-top-us-internet-companies-with-eu-personal-data-even-if-they-keep-it-in-the-eu\/#article","isPartOf":{"@id":"https:\/\/www.privateinternetaccess.com\/blog\/french-data-protection-authority-says-it-cant-trust-top-us-internet-companies-with-eu-personal-data-even-if-they-keep-it-in-the-eu\/"},"author":{"name":"Glyn Moody","@id":"https:\/\/www.privateinternetaccess.com\/blog\/#\/schema\/person\/99ba810662cdf92245f61106c0c29775"},"headline":"French data protection authority says it can&#8217;t trust top US Internet companies with EU personal data &#8211; even if they keep it in the EU","datePublished":"2020-10-15T13:00:38+00:00","mainEntityOfPage":{"@id":"https:\/\/www.privateinternetaccess.com\/blog\/french-data-protection-authority-says-it-cant-trust-top-us-internet-companies-with-eu-personal-data-even-if-they-keep-it-in-the-eu\/"},"wordCount":942,"commentCount":0,"publisher":{"@id":"https:\/\/www.privateinternetaccess.com\/blog\/#organization"},"image":{"@id":"https:\/\/www.privateinternetaccess.com\/blog\/french-data-protection-authority-says-it-cant-trust-top-us-internet-companies-with-eu-personal-data-even-if-they-keep-it-in-the-eu\/#primaryimage"},"thumbnailUrl":"https:\/\/www.privateinternetaccess.com\/blog\/wp-content\/uploads\/2020\/10\/La_Grande_Arche_de_la_Defense_and_the_Yaacov_Agam_Fountain_1977.jpg","keywords":["cjeu","cnil","dpc","Facebook","fisa","france","healthcare","max schrems","microsoft","Privacy Shield"],"articleSection":["Cybersecurity","Encryption","General Privacy News","Governments","Surveillance"],"inLanguage":"en-US","potentialAction":[{"@type":"CommentAction","name":"Comment","target":["https:\/\/www.privateinternetaccess.com\/blog\/french-data-protection-authority-says-it-cant-trust-top-us-internet-companies-with-eu-personal-data-even-if-they-keep-it-in-the-eu\/#respond"]}]},{"@type":"WebPage","@id":"https:\/\/www.privateinternetaccess.com\/blog\/french-data-protection-authority-says-it-cant-trust-top-us-internet-companies-with-eu-personal-data-even-if-they-keep-it-in-the-eu\/","url":"https:\/\/www.privateinternetaccess.com\/blog\/french-data-protection-authority-says-it-cant-trust-top-us-internet-companies-with-eu-personal-data-even-if-they-keep-it-in-the-eu\/","name":"French data protection authority says it can't trust top US Internet companies with EU personal data - even if they keep it in the EU","isPartOf":{"@id":"https:\/\/www.privateinternetaccess.com\/blog\/#website"},"primaryImageOfPage":{"@id":"https:\/\/www.privateinternetaccess.com\/blog\/french-data-protection-authority-says-it-cant-trust-top-us-internet-companies-with-eu-personal-data-even-if-they-keep-it-in-the-eu\/#primaryimage"},"image":{"@id":"https:\/\/www.privateinternetaccess.com\/blog\/french-data-protection-authority-says-it-cant-trust-top-us-internet-companies-with-eu-personal-data-even-if-they-keep-it-in-the-eu\/#primaryimage"},"thumbnailUrl":"https:\/\/www.privateinternetaccess.com\/blog\/wp-content\/uploads\/2020\/10\/La_Grande_Arche_de_la_Defense_and_the_Yaacov_Agam_Fountain_1977.jpg","datePublished":"2020-10-15T13:00:38+00:00","description":"Last month, this blog looked at the continuing repercussions of the decision by the EU's top court, the Court of Justice of the European Union (CJEU), to Continuing repercussions of CJEU decision to strike down Privacy Shield","breadcrumb":{"@id":"https:\/\/www.privateinternetaccess.com\/blog\/french-data-protection-authority-says-it-cant-trust-top-us-internet-companies-with-eu-personal-data-even-if-they-keep-it-in-the-eu\/#breadcrumb"},"inLanguage":"en-US","potentialAction":[{"@type":"ReadAction","target":["https:\/\/www.privateinternetaccess.com\/blog\/french-data-protection-authority-says-it-cant-trust-top-us-internet-companies-with-eu-personal-data-even-if-they-keep-it-in-the-eu\/"]}]},{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/www.privateinternetaccess.com\/blog\/french-data-protection-authority-says-it-cant-trust-top-us-internet-companies-with-eu-personal-data-even-if-they-keep-it-in-the-eu\/#primaryimage","url":"https:\/\/www.privateinternetaccess.com\/blog\/wp-content\/uploads\/2020\/10\/La_Grande_Arche_de_la_Defense_and_the_Yaacov_Agam_Fountain_1977.jpg","contentUrl":"https:\/\/www.privateinternetaccess.com\/blog\/wp-content\/uploads\/2020\/10\/La_Grande_Arche_de_la_Defense_and_the_Yaacov_Agam_Fountain_1977.jpg","width":1280,"height":721},{"@type":"BreadcrumbList","@id":"https:\/\/www.privateinternetaccess.com\/blog\/french-data-protection-authority-says-it-cant-trust-top-us-internet-companies-with-eu-personal-data-even-if-they-keep-it-in-the-eu\/#breadcrumb","itemListElement":[{"@type":"ListItem","position":1,"name":"Home","item":"https:\/\/www.privateinternetaccess.com\/blog\/"},{"@type":"ListItem","position":2,"name":"French data protection authority says it can&#8217;t trust top US Internet companies with EU personal data &#8211; even if they keep it in the EU"}]},{"@type":"WebSite","@id":"https:\/\/www.privateinternetaccess.com\/blog\/#website","url":"https:\/\/www.privateinternetaccess.com\/blog\/","name":"PIA","description":"Online privacy news from around the world.","publisher":{"@id":"https:\/\/www.privateinternetaccess.com\/blog\/#organization"},"potentialAction":[{"@type":"SearchAction","target":{"@type":"EntryPoint","urlTemplate":"https:\/\/www.privateinternetaccess.com\/blog\/?s={search_term_string}"},"query-input":{"@type":"PropertyValueSpecification","valueRequired":true,"valueName":"search_term_string"}}],"inLanguage":"en-US"},{"@type":"Organization","@id":"https:\/\/www.privateinternetaccess.com\/blog\/#organization","name":"Private Internet Access","url":"https:\/\/www.privateinternetaccess.com\/blog\/","logo":{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/www.privateinternetaccess.com\/blog\/#\/schema\/logo\/image\/","url":"https:\/\/www.privateinternetaccess.com\/blog\/wp-content\/uploads\/2018\/07\/pialogowhitekglogo.png","contentUrl":"https:\/\/www.privateinternetaccess.com\/blog\/wp-content\/uploads\/2018\/07\/pialogowhitekglogo.png","width":1200,"height":1200,"caption":"Private Internet Access"},"image":{"@id":"https:\/\/www.privateinternetaccess.com\/blog\/#\/schema\/logo\/image\/"},"sameAs":["https:\/\/www.facebook.com\/privateinternetaccess\/","https:\/\/x.com\/buyvpnservice","https:\/\/www.instagram.com\/piavpn\/","https:\/\/www.youtube.com\/channel\/UClyJZ47Rizb1xnwuKXDI0_w"]},{"@type":"Person","@id":"https:\/\/www.privateinternetaccess.com\/blog\/#\/schema\/person\/99ba810662cdf92245f61106c0c29775","name":"Glyn Moody","image":{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/www.privateinternetaccess.com\/blog\/#\/schema\/person\/image\/","url":"https:\/\/secure.gravatar.com\/avatar\/220b7317aa40ea679b23b79c368761eb6fd45039d978354b06dc7683a812d2fc?s=96&d=mm&r=g","contentUrl":"https:\/\/secure.gravatar.com\/avatar\/220b7317aa40ea679b23b79c368761eb6fd45039d978354b06dc7683a812d2fc?s=96&d=mm&r=g","caption":"Glyn Moody"},"description":"Glyn Moody is a freelance journalist who writes and speaks about privacy, surveillance, digital rights, open source, copyright, patents and general policy issues involving digital technology. He started covering the business use of the Internet in 1994, and wrote the first mainstream feature about Linux, which appeared in Wired in August 1997. His book, \"Rebel Code,\" is the first and only detailed history of the rise of open source, while his subsequent work, \"The Digital Code of Life,\" explores bioinformatics - the intersection of computing with genomics.","sameAs":["http:\/\/opendotdotdot.blogspot.com\/","https:\/\/www.linkedin.com\/in\/glynmoody\/","https:\/\/x.com\/http:\/\/twitter.com\/glynmoody"],"url":"https:\/\/www.privateinternetaccess.com\/blog\/author\/glynmoody\/"}]}},"_links":{"self":[{"href":"https:\/\/www.privateinternetaccess.com\/blog\/wp-json\/wp\/v2\/posts\/14350","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/www.privateinternetaccess.com\/blog\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/www.privateinternetaccess.com\/blog\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/www.privateinternetaccess.com\/blog\/wp-json\/wp\/v2\/users\/20"}],"replies":[{"embeddable":true,"href":"https:\/\/www.privateinternetaccess.com\/blog\/wp-json\/wp\/v2\/comments?post=14350"}],"version-history":[{"count":12,"href":"https:\/\/www.privateinternetaccess.com\/blog\/wp-json\/wp\/v2\/posts\/14350\/revisions"}],"predecessor-version":[{"id":29551,"href":"https:\/\/www.privateinternetaccess.com\/blog\/wp-json\/wp\/v2\/posts\/14350\/revisions\/29551"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/www.privateinternetaccess.com\/blog\/wp-json\/wp\/v2\/media\/14355"}],"wp:attachment":[{"href":"https:\/\/www.privateinternetaccess.com\/blog\/wp-json\/wp\/v2\/media?parent=14350"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/www.privateinternetaccess.com\/blog\/wp-json\/wp\/v2\/categories?post=14350"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/www.privateinternetaccess.com\/blog\/wp-json\/wp\/v2\/tags?post=14350"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}