Tag Archives: cloud computing

Article 29 Working Party makes recommendations following submission of Code of Conduct for Cloud Infrastructure Service Providers

On 23 February 2018, the Article 29 Working Party (WP29) sent a letter to Alban Schmutz, President of Cloud Infrastructure Services Providers in Europe (CISPE), in response to the organisation’s submission of a draft Code of Conduct for Cloud Infrastructure Service Providers. In conducting its review, the aim of WP29 was to ensure that the … Continue Reading

The European Cloud Initiative: Will Data Protection Requirements Cause Stormy Weather?

The European Commission (EC) recently proposed the European Cloud Initiative (ECI): a plan to create a world-class data infrastructure to store, manage, transport and process data at high speeds. The primary aims are to support establishment of the ‘Digital Single Market’ in Europe, improve Europe’s position in data-driven innovation, and improve competitiveness and inspire cohesion … Continue Reading

ISO develops the first privacy-specific cloud standard

Earlier in 2014, the International Standards Organisation (ISO) developed a new voluntary standard, ISO 27018 (Standard), establishing commonly accepted control objectives and guidelines to protect personal information for a public cloud computing environment. The need to create trust in cloud solutions led to the development of the Standard, in accordance with one of the key … Continue Reading

European Commission Releases Cloud Computing Service Level Agreements

Back in 2012, the European Commission (‘Commission’) adopted the Cloud Computing Strategy to promote the adoption of cloud computing and ultimately boost productivity. In June 2014, the Cloud Select Industry Group – Subgroup on Service Legal Agreements published Standardisation Guidelines for Cloud Service Level Agreements (‘Guidelines’) as part of this strategy. To achieve standardisation of … Continue Reading

Report Released on Coordinating Standards for Cloud Computing in Europe

The European Commission has announced that the European Telecommunications Standards Institute (ETSI) has finally released a report titled ‘Cloud Standards Coordination’. This report marks an important step in materialising the European Cloud Computing Strategy ‘Unleashing Potential in the Cloud,’ first published in 2012. The European Commission tasked ETSI to ‘cut through the jungle of standards’ … Continue Reading

ENISA Publishes Report & Good Practice Guide on Government Cloud Deployment

The EU Agency for Network and Information Security (ENISA) announced in a press release that it has produced a report titled ‘Good Practice Guide for Securely Deploying Governmental Clouds’, which analyses the current state of play regarding governmental Cloud deployment in 23 countries across Europe, categorised on a scale of “Early adoptors”, “Well-Informed”, “Innovators” or … Continue Reading

EU Nominates Expert Group To Develop Standard Cloud Computing Contract

The European Commission announced that the European Cloud Partnership facilitated the meeting of an expert group of lawyers, cloud service providers and customers on November 20, 2013 to “cut through the jungle of technical standards on cloud computing” by setting down safe and fair terms and conditions, and develop an exemplary template contract for cloud … Continue Reading

European Commission Aims for Europe to be World’s Leading ‘Trusted Cloud Region’

Developing on the European Cloud strategy, ‘Unleashing the potential of Cloud Computing in Europe’ released in 2012, the European Commission has released a memo to foster greater support for cloud computing services in Europe, with the ambition for Europe to become the world’s leading trusted cloud region and a harmonious single market for cloud computing … Continue Reading

Ibero-American Data Protection Network continues to promote data protection development in Latin America

The six executive committee members of the Ibero-American Data Protection Network (Network) attended the First Latin American Congress on Data Protection. The Network brings together 22 Data Protection Authorities (DPAs) from Spain, Portugal, Mexico, and a number of countries in Central and South America and the Caribbean. During the 10 years of its existence, the … Continue Reading

Spanish data protection watchdog publishes one new guidance on cookies and two on cloud computing

The Spanish data protection authority, Agencia Española de Protección de Datos (AEPD), has issued three new guidance documents dealing with (1) the use of cookies, (2) cloud computing from a customer perspective and (3) cloud computing from a service provider perspective. The guides provide useful information on how to use modern IT solutions in conjunction … Continue Reading

U.S. Department of Commerce clarifies the rules on U.S.-EU Safe Harbor in Cloud Computing

In April, the U.S. Department of Commerce’s International Trade Administration (ITA) issued a document clarifying the application of the U.S.-EU Safe Harbor Framework to cloud computing (the clarification). The ITA believes the Safe Harbor framework is “comprehensive and flexible enough” to cover cloud computing in the same way as other data transfers. ITA reminded those … Continue Reading

Payment Card Industry Security Standards Council publishes cloud computing guidelines for cardholder data

In a bid to help organisations better understand their compliance obligations under the Payment Card Industry Data Security Standard (PCI DSS) when using cloud technology to collect, store or transmit credit card data, the Payment Card Industry Security Standards Council (PCI SSC) has published the PCI DSS Cloud Computing Guidelines Information Supplement. Formed through a … Continue Reading

A recent study highlights worrying trends in the legal frameworks for cloud computing

The Business Software Alliance (BSA) Global Cloud Computing Scorecard, released March 7, 2013, indicates that the legal frameworks for cloud computing are improving, but inconsistently and with some worrying trends. The study tracks year-over-year changes in the global cloud policy landscape. It assesses the relevant laws and regulations of 24 countries that together account for … Continue Reading

The European Parliament Committee on Civil Liberties, Justice and Home Affairs warns on the approach to fighting cybercrime and its relationship to cloud computing

The use of cloud computing services is growing at an unprecedented rate, and brings with it concerns over the security of personal data stored on cloud servers. A recent study by the European Parliament’s Committee on Civil Liberties, Justice and Home Affairs (“LIBE”) argues that the main issue arising from the growing use of cloud … Continue Reading

UK Information Commissioner’s Office Issues Cloud Guidance

With a need for mobile access to data and the influx of innovative and affordable cloud computing products to global markets, organisations are shifting towards a greater use of the cloud. In response to its growing popularity, the Information Commissioner’s Office (ICO) has published guidelines on data protection compliance issues surrounding cloud computing. The practical … Continue Reading

The Norwegian Data Protection Authority holds off ban, permitting the use of cloud computing services by Norway Municipalities.

We previously told you about the Norwegian Data Protection Authority’s, Datatilsynet (Norwegian DPA) finding that Google Analytics breached that country’s data protection laws. In an about face, Norwegian DPA has now decided to hold off its ban on the use of Google’s and Microsoft’s cloud computing services by the Municipalities of Narvik and Moss, respectively. … Continue Reading

The European Commission has published a new strategy document on Cloud Computing in the EU

With concerns over the potential fragmentation of the digital single market and the proliferation of different data protection standards for personal data across the EU, the European Commission (Commission) has published new guidance on the use of cloud computing. The Commission has identified the steps it wishes to introduce in 2013 to ensure publicly available … Continue Reading

The German data protection commissioner Schleswig-Holstein publishes recommendations on how to provide and use cloud computing services in compliance with German and European data protection laws.

The Schleswig-Holstein data protection authority (“ULD”) has published a series of recommendations on how to provide and use cloud computing services in a way that is compliant with German and European data protection laws. The recommendations are based on the Article 29 Working Party (the “Working Party”) Opinion on cloud computing (see our client alert), … Continue Reading

Article 29 Working Party Issues Opinion on Cloud Computing

This post was written by Cynthia O’Donoghue. The Article 29 Working Party, which is made up of each of the EU member states’ national data protection authorities, issued an Opinion on cloud computing earlier this month. The Working Party acknowledges that for certain businesses, cloud computing has been an important technological revolution and a key … Continue Reading

The Article 29 Working Party Issues Opinion on Cloud Computing

This post was written by Cynthia O’Donoghue. The Article 29 Working Party (the “Working Party”) issued an Opinion on cloud computing that analyses the applicable law, obligations and other relevant issues for cloud service providers operating in the European Economic Area (“EEA”). The Opinion outlines how the wide-scale deployment of cloud computing services could trigger … Continue Reading

Cloud Computing: The French CNIL Issues Partly Binding Guidance

On 25 June 2012, the CNIL published on its website a summary article and a 10 page conclusion paper, along with a 21-page “recommendations” document, which constitute the French Data Protection Authority’s new guidance in that regard. Aimed to target small- to medium-sized companies considering using cloud computing services, and aimed at helping them make more … Continue Reading

The International Working Group on Data Protection in Telecommunications issues “Working Paper on Cloud Computing” on 24 April 2012

The International Working Group on Data Protection in Telecommunications (“the Working Group”) released a working paper on privacy and data protection issues surrounding cloud computing, specifically examining the processing of personal data. The paper recognises the growing popularity of cloud computing; however, the Working Group advises that caution should be taken because of the fact … Continue Reading

Virtualization and Cloud Computing Security

Many CISOs have lost the ability to choose whether cloud computing is coming to the company. Chief Financial Officers are demanding the cost savings of the cloud, especially during this tentative economic recovery where every penny must be stretched to its maximum capacity. In an attempt to be responsive and bridge the CISO – CFO … Continue Reading

A Crash Course on Education Privacy

This post was also written by Jason H. Ballum, Amy S. Mushahwar, and Frederick Lah. With March Madness on the horizon, did you know that educational institutions are part of another Final Four? One in four data breaches come from higher educational institutions or K-12 schools. In addition to data breaches, schools face unique privacy issues … Continue Reading