Belgium – Court case of use of BYOK when processing personal data at AWS in EU

The Council of State confirmed that the decision of the Flemish Authorities to contract with an EU branch of a US company using AWS cloud services does not breach the GDPR. The Council of State relied, among other things, on guidance issued by the EDPB and Flemish Supervisory Commission, which mention encryption as a possible supplementary measure for data transfers to the US. (BYOK, Bring-Your-Own-Key in context of processing of personal data with AWS in the EU)

Summary, links, etc. at NOYB:
https://gdprhub.eu/index.php?title=Council_of_State_-_251.378

More commentary:

• https://www.linkedin.com/posts/luisalbertomontezuma_belgian-conseil-detat-aws-schrems-activity-6837178667035111424-2rcw/

See also Doctolib case:

• https://gdprhub.eu/index.php?title=CE_-_450163
• https://iapp.org/news/a/why-this-french-court-decision-has-far-reaching-consequences-for-many-businesses/