The Danish Data Protection Authority (DDPA) has published a new guide on cloud computing that is worth reading. Section 3.5 is of particular interest as this deals with third country data transfers.
The DDPA review the challenges with the US FISA 702, EO 12.333 and the Cloud Act in a very good and understandable manner. However, the conclusions they draw are exactly the same as those of the EDPB in its guide on third country transfers. Something else had been sensational.
There are several examples in the new guide that provide good, practical advice. For instance, example 10 clearly states that one needs to place less emphasis on information that is in the public space, but this has been said and written many times before. At the same time, they write, as has also been said before, that back-end systems can register information that is not in the public space, and then the question is whether there is any help in this at all.
The DDPA's guide is available here.