TECHNOLOGY | Transatlantic: the Future of Data Security and Data Protection
TRANSATLANTIC: the Future of Data Security and Data Protection Max Schrems, the lawyer and privacy activist, discusses the current and potential developments in data protection with a focus on the iGaming sector. Schrems II ruling continues to have a significant impact on businesses worldwide, following the European Court of Justice judgment which invalidated Privacy Shield in 2020. While others were all talking about it, Internet Vikings in collaboration with Holm Security proudly hosted a live webinar session with the man himself — Max Schrems. Lawyer, author, and privacy activist, Max became famous for
his campaigns against Facebook for privacy violations, and complaints under GDPR against Amazon, Apple Music, DAZN, and other big tech companies. The most interesting part of the webinar featured a Q&A session between various stakeholders, who posed realworld concerns directly to Max. The resulting discussion detailed in-depth what application of the judgment actually means for iGaming.
Max Schrems Lawyer, author & privacy activist
"
In a recent case,
Max, as a world-renowned privacy activist with substantial knowledge of the subject, what would happen if somebody's data ends up in the NSA data center? Such problems could stem mainly from conflicts of interest resulting in actions ranging from simple visa issues to surveillance to targeted attacks. In a recent case, SDKs built into apps figured out locations, and forwarded information to the U.S. military. One case in Austria, a neutral country but with substantial trades with Iraq, Iran and Russia, fell under possible sanctions from a U.S. perspective. Similarly, around Nord Stream 2 there are significant issues for the companies engaged in that. If you were to utilize a European provider, are there any European laws like the Cloud Act that would subject companies to the same kind of risk? From a practical perspective, the capabilities of Europe compared to the
U.S. are lower and there is no strict alignment between member states presently. Some states like Germany, France, and Sweden have the capacity for surveillance where others do not. From a legal perspective, article 4 of EU law exempts from GDPR, and compliance issues are simply not there because of the exemption. Basically, if you host in Europe, you are compliant. If you look at the timeline back to 2015, there have been many developments, such as the U.S. Patriot act, Cloud Act, and Privacy Shield. It seems there are always inconsistencies between EU regulations and the U.S. What can we expect in the future? There is a high probability that these conflicts will continue and increase. For a long time, globally, there was little regulation of the Internet, but this has changed substantially and nowadays, we are seeing so much more. Unfortunately,
SDKs built into apps figured out locations and forwarded information to the U.S. military.
