How is it possible to transfer data to third countries under the GDPR? | A legal opinion on R&S®Trusted Gate

Schrems II ruling of the European Court of Justice has raised conflicts on the subject of data protection when it comes to the use of cloud solutions. Prof. Dr. Dirk Heckmann of the Technical University of Munich, who is professionally involved in the legal and security aspects of digitization, has now prepared a legal opinion on the subject. In it, he clarifies questions about the use of services from U.S. providers such as Microsoft, Google and Amazon in compliance with data protection laws. Is there a way out of the cloud dilemma?

For a year now, the Privacy Shield has been declared invalid by the European Court of Justice, and European data is therefore not safe from access by U.S. authorities at U.S. providers in the U.S. - but also in Europe. The USA as an "insecure third country" thus makes it impossible to achieve an equivalent level of data protection, which cannot be guaranteed by standard data protection clauses.

Why this is an issue for local enterprises?

Enterprises are increasingly switching off their own servers and relying on US cloud providers such as Amazon (AWS), Google & Co. IT systems are being moved to the cloud; a fact that has seen a significant upward trend since the start of the pandemic and home offices, and not only through video conferencing systems.

For enterprises, the assumption that data stored on servers in Europe is "safe" from access by U.S. authorities does not hold water here, because the CLOUD Act applies. This obligates US companies to hand over stored customer data to law enforcement authorities (in the USA) upon request. This means that companies throughout Europe are currently confronted with a massive risk of fines. Rapid solutions must be found.

According to Prof. Dr. Heckmann's legal opinion, R&S®Trusted Gate can be a data protection-compliant way out for authorities and companies.

The expert opinion itself talks about a "technical innovation." What does it highlight?

It is, above all, the "secure design of a multi-level system" and there is a separation of the contents of the so-called encryption level from the cloud services at the business level. Specifically, this means that external cloud services can be used without personal data being transferred to an "insecure third country."

Rohde & Schwarz , as a company that is committed to secrecy, "credibly" guarantees its customers that this separation is achieved in a technically secure manner.

1. Thanks to R&S®Trusted Gate, the current indications of the data protection supervisory authorities with regard to the use of the incriminated cloud services have been eliminated: In the absence of a transfer of personal data to a third country, the strict requirements of Art. 44 et seq. GDPR are simply not relevant and further proof of an equivalent level of data protection is not required.

2. In addition, concerns regarding export controls are eliminated, because the data does not "leave" the respective country.

Here you can download the legal opinion and here you can learn more about the evaluated solution for privacy-compliant use of cloud services.






私は、このウェブサイトの出版物に記載されているRohde & Schwarz GmbH & Co. KGおよびRohde & Schwarzの法人および子会社が、
ここで選択した手段 (電子メールまたは郵便メール) を通じて、マーケティングおよび広告目的 (特別キャンペーンや値引きに関する情報など) で、私に連絡することに同意します。その内容は、電子計測、セキュリティ通信、モニタリングおよびネットワークテスト、放送およびメディア、そしてサイバーセキュリティ分野の製品やソリューションを含みますが、上記に限定されるものではありません。



お問い合わせ内容が送信されました。 後ほどご連絡致します。
An error is occurred, please try it again later.