On 23 February 2018, the Article 29 Working Party (WP29) sent a letter to Alban Schmutz, President of Cloud Infrastructure Services Providers in Europe (CISPE), in response to the organisation’s submission of a draft Code of Conduct for Cloud Infrastructure Service Providers.

In conducting its review, the aim of WP29 was to ensure that the draft Code would enable individuals to feel confident that their chosen cloud infrastructure services are compliant with the Data Protection Directive (Directive 95/46/EC) (the ‘Directive’) and the General Data Protection Regulation ((EU) 2016/679) (GDPR). It should be noted that the GDPR recommendations made by WP29 are non-binding for now, with a final assessment of the Code to be made once the GDPR is implemented on 25 May 2018.

In the annexes to the letter, a series of general and specific remarks are made to assist CISPE in re-evaluating and redrafting the Code.Continue Reading Article 29 Working Party makes recommendations following submission of Code of Conduct for Cloud Infrastructure Service Providers

The European Commission (EC) recently proposed the European Cloud Initiative (ECI): a plan to create a world-class data infrastructure to store, manage, transport and process data at high speeds. The primary aims are to support establishment of the ‘Digital Single Market’ in Europe, improve Europe’s position in data-driven innovation, and improve competitiveness and inspire cohesion and collaboration on projects across Europe. By establishing the European Data Infrastructure (EDI – a high-performance computing framework), the ECI will create the European Open Science Cloud (EOSC). The EOSC will provide European researchers and professionals in science and technology an environment in which to store, manage, analyse and share data linked to their research, seamlessly and efficiently across the EU. The aim is to extend the EDI and the EOSC to the public sector and industry by 2020.
Continue Reading The European Cloud Initiative: Will Data Protection Requirements Cause Stormy Weather?

Earlier in 2014, the International Standards Organisation (ISO) developed a new voluntary standard, ISO 27018 (Standard), establishing commonly accepted control objectives and guidelines to protect personal information for a public cloud computing environment.

The need to create trust in cloud solutions led to the development of the Standard, in accordance with one of the key

Back in 2012, the European Commission (‘Commission’) adopted the Cloud Computing Strategy to promote the adoption of cloud computing and ultimately boost productivity. In June 2014, the Cloud Select Industry Group – Subgroup on Service Legal Agreements published Standardisation Guidelines for Cloud Service Level Agreements (‘Guidelines’) as part of this strategy.

To achieve standardisation of

The European Commission has announced that the European Telecommunications Standards Institute (ETSI) has finally released a report titled ‘Cloud Standards Coordination’. This report marks an important step in materialising the European Cloud Computing Strategy ‘Unleashing Potential in the Cloud,’ first published in 2012.

The European Commission tasked ETSI to ‘cut through the jungle of standards’

The EU Agency for Network and Information Security (ENISA) announced in a press release that it has produced a report titled ‘Good Practice Guide for Securely Deploying Governmental Clouds’, which analyses the current state of play regarding governmental Cloud deployment in 23 countries across Europe, categorised on a scale of “Early adoptors”, “Well-Informed”, “Innovators” or

The European Commission announced that the European Cloud Partnership facilitated the meeting of an expert group of lawyers, cloud service providers and customers on November 20, 2013 to “cut through the jungle of technical standards on cloud computing” by setting down safe and fair terms and conditions, and develop an exemplary template contract for cloud

Developing on the European Cloud strategy, ‘Unleashing the potential of Cloud Computing in Europe’ released in 2012, the European Commission has released a memo to foster greater support for cloud computing services in Europe, with the ambition for Europe to become the world’s leading trusted cloud region and a harmonious single market for cloud

The six executive committee members of the Ibero-American Data Protection Network (Network) attended the First Latin American Congress on Data Protection. The Network brings together 22 Data Protection Authorities (DPAs) from Spain, Portugal, Mexico, and a number of countries in Central and South America and the Caribbean. During the 10 years of its existence, the

The Spanish data protection authority, Agencia Española de Protección de Datos (AEPD), has issued three new guidance documents dealing with (1) the use of cookies, (2) cloud computing from a customer perspective and (3) cloud computing from a service provider perspective. The guides provide useful information on how to use modern IT solutions in conjunction