Into the Cloud: How will the Draft EU Data Protection Regulation affect cloud computing service providers and users?

Save this PDF as:
 WORD  PNG  TXT  JPG

Size: px
Start display at page:

Download "Into the Cloud: How will the Draft EU Data Protection Regulation affect cloud computing service providers and users?"

Transcription

1 10 Juni 2013 Taylor Wessing - Essay Competition 2013 Into the Cloud: How will the Draft EU Data Protection Regulation affect cloud computing service providers and users? by Katarina Kesselová, LLM. Introduction There are various definitions of cloud computing ranging from clouds means somewhere on the Internet to more sophisticated definitions, one of them provided by The National Institute of Standards and Technology. 1 In NIST s view cloud computing is a model for enabling ubiquitous, convenient, on-demand network access to a shared pool of configurable computing resources (e.g., networks, servers, storage, applications and services) that can be rapidly provisioned and released with minimal management effort or service provider interaction. NIST sets five essential characteristics of cloud computing: on-demand self-service, broad network access, resource pooling, rapid elasticity and measured service. In cloud computing three service models are distinguished: Software as a Service (SaaS, applications), Platform as a Service (PaaS, application development) and Infrastructure as a Service (IaaS, data storage). All those business models will fall into the scope of the Regulation, if it is adopted by European Parliament. A proposed reform package contains two legislative texts. Data protection Regulation 2 which addresses the general privacy issues, intended to replace Directive 95/46/EC and a proposed Directive dealing with criminal investigations and regulating the rules regarding judicial activities. 3 We will discuss how the proposed Regulation will reshape the rules for cloud computing providers and clients. 1 MELL, P., GRANCE, T. The NIST Definition of Cloud Computing. Geithersburg : U.S. Department of Commerce, September 2011 Retrieved from: 2 Regulation of the European Parliament and of the Council on the protection of individuals with regard to the processing of personal data and on the free movement of such data 3 Police and Criminal Justice Data Protection Directive on the protection of individuals with regard to the processing of personal data by competent authorities for the purposes of prevention, investigation, detection, or prosecution of criminal offenses or the execution of criminal penalties, and the free movement of such data.

2 What's in the clouds for cloud service providers and clients? By adopting data protection rules in a form of a Regulation, single legislative act will apply simultaneously in all 28 member states. Proposed Regulation will harmonize different application of Directive in each state, as each provision will become part of the national legal systems as is and will be binding for individuals and entities directly. 4 International companies like cloud computing businesses are welcoming single data privacy law stretched across Europe. However, full harmonization will not be achieved. Within the limits of Regulation, member states are allowed to adopt their own data protection laws to ensure specific safeguards for processing for health purposes and in the employment context. 5 This remaining fragmentation at domestic level will burden cloud computing business working in those specific areas. At the present state providers based outside Europe, may become subject to the EU Data Protection laws. The Directive in force claims jurisdiction over foreign data controllers when a controller makes use of equipment on the territory of a member state. According to Article 29 Working party 6 the Directive regards cookies that have been put on the personal computer of individuals in the EU in order to identify the PC to the web site in view of linking up that information with others as such equipment. This concept of equipment was abandoned. Proposed regulation will apply to the processing of personal data by a controller not established in the Union in two circumstances. First, when he processes data of data subjects residing in the Union in order to offer them goods or services and when he is monitoring their behavior. As to the kind of activity that is covered by monitoring of behavior, it is aimed at companies using behavioral profiling to show targeted ads on the websites the individual is visiting. Both the Directive and Regulation distinguish between data controller and data processor. Data controller determines the purposes, conditions and means of the processing of personal data. Data processor merely processes personal data on behalf of the controller. At the first sight cloud service client should be a controller and cloud service provider should have the legal standing of a processor. In cloud computing context, particularly in some cases of public PaaS and SaaS, the distinction is not so clear. Both cloud service client and provider determine the means of the processing. Service provider could in principle be considered as joint controller. 7 Knowing who is who is crucial to determine liability. Data controller is responsible towards the data subjects. Conversely, processor has no regulatory responsibility but he has to comply with the contractual obligations with the controller. Also, if a client and a provider are regarded as 4 See Article 288 TFEU for direct applicability of regulations. 5 Article 81 and 82 of the proposed Regulation. 6 Article 29 Working Party. Working document on determining the international application of EU data protection law to personal data processing on the Internet by non-eu based web sites. 7 La Commission Nationale de l'informatique et des Libertés (CNIL) the French Data Protection Authority recommendations.

3 joint controllers, they may both be monitored and potentially sanctioned by Data Protection Authority. In some cases the cloud computing provider will claim to be neither a controller nor a processor, but just a facilitator. 8 Even though the Working Party provided some guidance on how to interpret these definitions, the roles need to be determined on a case-by-case basis. 9 Some argue 10 that this controller-processor-model should be abandoned all together and anyone processing personal information, regardless of its means, conditions or purposes should be viewed upon as a processor. Definition and responsibilities of sub-processors are not dealt with in Regulation. The definition of personal data is condensed into any information relating to a data subject. 11 Unlike the Directive proposed Regulation explicitly recognizes online identifiers as personal data. 12 IP addresses and cookies are indispensable for providing cloud services, for instance, to keep a user logged in. However, recital 24 states that identification numbers, location data, online identifiers [*] as such need not necessarily be considered as personal data in all circumstances. It is when they leave traces and are combined with unique identifiers and other information received by the servers in order to create profiles of the individuals making them identifiable, they are considered personal data. Regulation introduces the requirement of explicit consent given either by a statement or by a clear affirmative action. The controller would have to prove that the data subject has consented to the collection and the use of the data. In written form, consent must be presented separately from other matters, so that data subject is aware that consent is given. Consent hidden in the privacy policies or general terms will not suffice for processing to be lawful. If the controller wants to have the explicit consent, cloud providers will have to adopt the new consent requirement in their software and systems and end-users will be bothered by more contracts and pop-ups. We have seen similar strengthening of consent requirement in relations to cookies. Five EU countries implemented Privacy and Electronic Communications Directive from Whilst firstly it sufficed if a user was given the opportunity to opt out of the tracking, now condition of user s consent determines whether storing and accessing information on users' computers is lawful. In UK as one of the countries that amended their legislation, only 2% of websites rely on explicit cookie consent 14 (a pop-up window) others are inferring the implied consent from the (lack of) actions of the user (not disabling cookies, using the service). Consent shall not provide a legal basis for the processing, where 8 SCHELLEKENS, B.J.A: The European Data Protection reform in the light of cloud computing. Master Thesis. Tilburg University. 9 Ibid 8 10 HERT, P. D.,& PAPAKONSTANTINOU,V. (2012). The proposed data protection Regulation replacing Directive 95/46/EC: A sound system for the protection of individuals. Computer Law & Security Review, 28(2), Article 4 (2) of the proposed Regulation. 12 Article 4 (1) of the proposed Regulation. 13 Directive 2009/136/EC of the European Parliament and of the Council of 25 November

4 there is a significant imbalance between the position of the data subject and the controller. 15 It is a case when data subject is in a situation of dependence from the controller, for example in the employment context. The distinction will be difficult to do in practice, since it is still possible to have genuine consent within a basically imbalanced relationship. 16 If we insist on explicitly given consent, we might end up with a law that is unfriendly to both end-users and cloud service providers. At the present cloud service clients are usually not interested in what country are their data physically located and providers are reluctant to disclose the nature of the security measures they use. Proposed Regulation extends customer s and provider s obligations with respect to data processing. Article 26 for example requires the controller (cloud service client) to choose a processor (cloud service provider) that uses technical and organizational security measures in accordance with Regulation. CNIL offers some guidance 17 on how to assess the level of protection given by the service provider and proposes models of contractual clauses. However, users are not usually able to negotiate providers terms, since they sign one-sided and nonnegotiable click-wrap agreements. Only bigger clients with more purchasing power want to contract on their own standard terms. According to the research 18 security and privacy terms are the third type of most negotiated terms in cloud computing contracts. Contract should also address what will happen at the beginning and end of the contract period. What happens to data after the provider goes out service is not stated in the Regulation. Whether and how the data will be returned to client or destroyed should be negotiated. Regulation adds a provision that goes beyond the current rules. Contract will have to prohibit the provider from retaining the services of a third party without the permission of the client. 19 This would for example prevent SaaS provider, from using an IaaS provider s services without the customer s permission. 20 One-stop shop provision of the proposed Regulation solves one of the business barriers having to deal with supervisory authority in each member state in which the provider does business. If the controller or processor is established in more than one member state, the company would designate a main 15 Article 7 (4) of the proposed Regulation. 16 The Information Commissioner's Office (ICO): Proposed new EU General Data Protection Regulation: Article-by-article analysis paper. 17 La Commission Nationale de l'informatique et des Libertés: Recommendations for companies planning to use Cloud computing services. Retrieved from: es.pdf 18 HON, W. K, MILLARD, Ch. and WALDEN, I.: Negotiating Cloud Contracts - Looking at Clouds from Both Sides Now 16 STAN. TECH. L. REV. 81 (2012); Queen Mary School of Law Legal Studies Research Paper No. 117/ Article 26 (2d) of the proposed Regulation. 20 MARCHINI, R. Cloud Computing under the European Commission s Proposed Regulation To Revise the EU Data Protection Framework. Bloomberg BNA: World Data Protection Report. Volume 12, Number 2.

5 establishment that would be decisive for the determination of the supervisory authority. The Data Protection Authority of the main establishment will supervise the processing of the controller or the processor in all member states. Unnecessary general notification duties 21 of the controller are left out of the Regulation. On the other hand, cloud service customer would be obliged to notify the supervisory body about personal data breach and communicate that breach to the data subject. 22 The proposed Regulation creates more rights for data subject. Heavily debated right to be forgotten is actually already in the present Directive 23 in a form of right to erasure and blocking. 24 It was also the reason for a referral 25 of the Spanish Data Protection Authority. In this case against Google, main question sounds like this: do individuals have the right to oblige search engines to erase or block search results that point to personal information? If the wording of article 17 of the proposed Regulation comes to force, answer will be yes. In Advocate General's opinion, 26 the current Directive does not establish a general right to be forgotten and does not view Google as a data controller in this context: The erasure and blocking of data provided in the Directive concern data whose processing does not comply with the provisions of the Directive, in particular because of the incomplete or inaccurate nature of the data. This does not seem to be the case in the current proceedings. According to proposed Regulation, on the data subject's request controller will have to erase links, copies or replications of personal data and inform third parties which are processing such data about data subject s request. Right to be forgotten can come in conflict with the principle of free speech. 27 It is noteworthy that right to delete is set as a rule and right of freedom of expression and public interest as an exception to the rule. 28 With easy dissemination of information over the internet, right to be forgotten is technically impossible to enforce. 29 Data subjects are also granted right to data portability i.e. the right to transfer personal data (processed by electronic means and in a structured and commonly used format) from one service provider to another, for instance, from Facebook to Google Plus. 21 Articles of the Directive 95/46 22 Articles of the proposed Regulation 23 Commission of the European Communities, Commission Staff Working Paper, Impact Assesment, SEC(2012) 72 final, 25 January Article 12(b) of the Directive 95/46/EHS 25 Reference for a preliminary ruling from the Audiencia Nacional (Spain) lodged on 9 March 2012 Google Spain, S.L., Google Inc. v Agencia Española de Protección de Datos, Mario Costeja González (Case C-131/12) 26 Opinion of Advocate General delivered on 25 June 2013 (1) Case C 131/12 Google Spain SL Google Inc. v. Agencia Española de Protección de Datos (AEPD) Mario Costeja González 27 WEBER, R. H. The Right to Be Forgotten: More Than a Pandora s Box?, 2 (2011) JIPITEC 120, para Article 17 (3) of the proposed Regulation 29

6 Conclusion Fragmentation of the data protection rules and difficulties of individuals to stay in control of their personal data were concluded as main problems with the current data protection framework by the EU s impact assessment. 30 Proposed Regulation tackles these obstacles, however, some of these expanded provisions may make it more difficult than the current Directive to use cloud services. Proposed wording is also more stringent than what is usually found under U.S. law. 31 While the new data protection regime leaves off abundant notification duties, it requires controllers and processors to be more accountable. Since there is no explicit regulation of cloud computing on European level, cloud service providers must solve complex legal puzzles. With ecommerce Directive 32 introducing safe harbor liability protection for hosting providers, E-Privacy Directive covering the processing of personal data in the electronic communications sector and Data Retention Directive, it is not yet clear how the Regulation will interact with other legislative acts. Cloud service providers will encounter the negative effects of the division between a general data protection framework and the independent sector specific directives Ibid GILBERT, F. The proposed EU data protection regulation and its impact on cloud users. Retrieved from: 32 Directive 2000/31/EC on electronic commerce 33 SCHELLEKENS, B.J.A: The European Data Protection reform in the light of cloud computing. Master Thesis. Tilburg University.

7 List of references Legislation Directive 95/46/EC of the European Parliament and of the Council of 24 October 1995 on the protection of individuals with regard to the processing of personal data and on the free movement of such data Directive 2000/31/EC of the European Parliament and of the Council of 8 June 2000 on certain legal aspects of information society services, in particular electronic commerce, in the Internal Market ('Directive on electronic commerce') Directive 2002/58/EC of the European Parliament and of the Council of 12 July 2002 concerning the processing of personal data and the protection of privacy in the electronic communications sector (Directive on privacy and electronic communications) Directive 2006/24/EC of the European Parliament and of the Council of 15 March 2006 on the retention of data generated or processed in connection with the provision of publicly available electronic communications services or of public communications networks and amending Directive 2002/58/EC Proposal for a Regulation of the European Parliament and of the Council on the protection of individuals with regard to the processing of personal data and on the free movement of such data (General Data Protection Regulation) Proposal for a Police and Criminal Justice Data Protection Directive on the protection of individuals with regard to the processing of personal data by competent authorities for the purposes of prevention, investigation, detection, or prosecution of criminal offenses or the execution of criminal penalties, and the free movement of such data. Literature GILBERT, F. The proposed EU data protection regulation and its impact on cloud users. Retrieved from: HERT, P. D.,& PAPAKONSTANTINOU,V. (2012). The proposed data protection Regulation replacing Directive 95/46/EC: A sound system for the protection of individuals. Computer Law & Security Review, 28(2), HON, W. K, MILLARD, Ch. & WALDEN, I.: Negotiating Cloud Contracts - Looking at Clouds from Both Sides Now 16 Stanford Technology Law Review. 81 (2012); Queen Mary School of Law Legal Studies Research Paper No. 117/2012. MARCHINI, R. Cloud Computing under the European Commission s Proposed Regulation To Revise the EU Data Protection Framework. Bloomberg BNA: World Data Protection Report. Volume 12, Number 2 MELL, P., GRANCE, T. The NIST Definition of Cloud Computing. Geithersburg : U.S. Department of Commerce, September 2011 Retrieved from: SCHELLEKENS, B.J.A: The European Data Protection reform in the light of cloud computing. Master Thesis. Tilburg University.

8 WEBER, R. H. The Right to Be Forgotten: More Than a Pandora s Box?, 2 (2011) JIPITEC 120, para. 1. Documents Commission of the European Communities, Commission Staff Working Paper, Impact Assesment, SEC(2012) 72 final, 25 January Article 29 Working Party. Working document on determining the international application of EU data protection law to personal data processing on the Internet by non-eu based web sites, 5035/01/EN/Final WP 56, adopted 30 may The Information Commissioner's Office (ICO): Proposed new EU General Data Protection Regulation: Article-by-article analysis paper. V February 2013 Opinion of Advocate General delivered on 25 June 2013 (1) Case C 131/12 Google Spain SL Google Inc. v. Agencia Española de Protección de Datos (AEPD) Mario Costeja González La Commission Nationale de l'informatique et des Libertés: Recommendations for companies planning to use Cloud computing services. Retrieved from: Recommendations _for_companies_planning_to_use_cloud_computing_services.pdf Websites Author (extern) Katharina Kesselovà, LLM. Winner of the TW-Essay Competition 2013

Overview. Data protection in a swirl of change 28.03.2014. Cloud computing. Software as a service. Infrastructure as a service. Platform as a service

Overview. Data protection in a swirl of change 28.03.2014. Cloud computing. Software as a service. Infrastructure as a service. Platform as a service Data protection in a swirl of change Overview 1 Data protection issues in cloud computing 2 Consent for mobile applications Security Seminar 2014: Privacy Radboud University Nijmegen 3 The WhatsApp case

More information

Article 29 Working Party Issues Opinion on Cloud Computing

Article 29 Working Party Issues Opinion on Cloud Computing Client Alert Global Regulatory Enforcement If you have questions or would like additional information on the material covered in this Alert, please contact one of the authors: Cynthia O Donoghue Partner,

More information

Court of Justice of the European Union PRESS RELEASE No 70/14

Court of Justice of the European Union PRESS RELEASE No 70/14 Court of Justice of the European Union PRESS RELEASE No 70/14 Luxembourg, 13 May 2014 Press and Information Judgment in Case C-131/12 Google Spain SL, Google Inc. v Agencia Española de Protección de Datos,

More information

Summary of responses to the public consultation on Cloud computing run by CNIL from October to December 2011 and analysis by CNIL

Summary of responses to the public consultation on Cloud computing run by CNIL from October to December 2011 and analysis by CNIL Summary of responses to the public consultation on Cloud computing run by CNIL from October to December 2011 and analysis by CNIL 1. Definition of Cloud Computing In the public consultation, CNIL defined

More information

Factsheet on the Right to be

Factsheet on the Right to be 101010 100101 1010 101 Factsheet on the Right to be 100 Forgotten ruling (C-131/12) 101 101 1) What is the case about and what did 100 the Court rule? 10 In 2010 a Spanish citizen lodged a complaint against

More information

CHANGES IN THE WORLD OF CLAIMS MANAGEMENT FROM DEBTORS TO CUSTOMERS

CHANGES IN THE WORLD OF CLAIMS MANAGEMENT FROM DEBTORS TO CUSTOMERS CHANGES IN THE WORLD OF CLAIMS MANAGEMENT FROM DEBTORS TO CUSTOMERS Andreas Aumüller, President of FENCA Federation of European National Collection Associations CONSUMER CREDIT INDUSTRY Annual Convention

More information

The reform of the EU Data Protection framework - Building trust in a digital and global world. 9/10 October 2012

The reform of the EU Data Protection framework - Building trust in a digital and global world. 9/10 October 2012 The reform of the EU Data Protection framework - Building trust in a digital and global world 9/10 October 2012 Questionnaire addressed to national Parliaments Please, find attached a number of questions

More information

Client Update A New Ruling by the French Data Protection Authority: Is the Right to Be Forgotten Crossing the Atlantic to the U.S.?

Client Update A New Ruling by the French Data Protection Authority: Is the Right to Be Forgotten Crossing the Atlantic to the U.S.? 1 Client Update A New Ruling by the French Data Protection Authority: Is the Right to Be Forgotten Crossing the Atlantic to the U.S.? NEW YORK Jeremy Feigelson jfeigelson@debevoise.com PARIS Frederick

More information

slaughter and may The new EU Data Protection Regulation revolution or evolution?

slaughter and may The new EU Data Protection Regulation revolution or evolution? slaughter and may The new EU Data Protection Regulation revolution or evolution? BRIEFING April 2012 Reform of Europe s data protection regime moved one step closer this January with the publication of

More information

Application of Data Protection Concepts to Cloud Computing

Application of Data Protection Concepts to Cloud Computing Application of Data Protection Concepts to Cloud Computing By Denitza Toptchiyska Abstract: The fast technological development and growing use of cloud computing services require implementation of effective

More information

Acquia Comments on EU Recommendations for Data Processing in the Cloud

Acquia Comments on EU Recommendations for Data Processing in the Cloud Acquia Comments on EU Recommendations for Data Processing in the Cloud Executive Summary On July 1, 2012, European Union (EU) data protection regulators provided guidelines for service providers processing

More information

The Impact of EU Data Protection Legislation. Thomas Rivera Hitachi Data Systems

The Impact of EU Data Protection Legislation. Thomas Rivera Hitachi Data Systems Privacy PRESENTATION vs Data TITLE Protection: GOES HERE The Impact of EU Data Protection Legislation Thomas Rivera Hitachi Data Systems SNIA Legal Notice The material contained in this tutorial is copyrighted

More information

PARIS - LONDRES. Commission. Mardi 23 octobre 2012 Tuesday 23 October 2012

PARIS - LONDRES. Commission. Mardi 23 octobre 2012 Tuesday 23 October 2012 Commission PARIS - LONDRES Responsable : alain-christian monkam Mardi 23 octobre 2012 Tuesday 23 October 2012 Droit de la protection des données - approche comparée en droit français et en droit anglais

More information

Data Protection in Clinical Studies Implications of the New EU General Data Protection Regulation

Data Protection in Clinical Studies Implications of the New EU General Data Protection Regulation June 19, 2012 Practice Group(s): Health Care Life Sciences Data Protection in Clinical Studies Implications of the New EU General Data Protection Regulation By Mathias Schulze Steinen and Daniela Bohn

More information

The Data Protection Landscape. Before and after GDPR: General Data Protection Regulation

The Data Protection Landscape. Before and after GDPR: General Data Protection Regulation The Data Protection Landscape Before and after GDPR: General Data Protection Regulation Data Protection regulations across Europe Current regulations & guidance European Directives 95/46/EC (Data Protection)

More information

Cloud Computing. Introduction

Cloud Computing. Introduction Cloud Computing Introduction This information leaflet aims to advise organisations which are considering engaging cloud computing on the factors they should consider. It explains the relationship between

More information

EU Data Protection Reforms Challenges for Business

EU Data Protection Reforms Challenges for Business www.pwc.com Contents EU Data Protection Reforms Challenges for Business July 2014 1. Introduction 2. The need for change 3. Changes and challenges 4. Recommendations 5. Conclusion 6. For a deeper conversation

More information

Key issues in data protection: a pan-european view

Key issues in data protection: a pan-european view Key issues in data protection: a pan-european view 19 th March 2014 Nicola Fulford, Kemp Little LLP, UK Andreas Peschel-Mehner, SKW Schwarz, Germany Marco Bellezza, Portolano Cavallo, Italy Emmanuel Schulte,

More information

AN INSIDE VIEW FROM THE EU EXPERT GROUP ON CLOUD COMPUTING

AN INSIDE VIEW FROM THE EU EXPERT GROUP ON CLOUD COMPUTING AN INSIDE VIEW FROM THE EU EXPERT GROUP ON CLOUD COMPUTING 1. Overview and Background On 27 September 2012, the European Commission adopted a strategy for "Unleashing the potential of cloud computing in

More information

technical factsheet 176

technical factsheet 176 technical factsheet 176 Data Protection CONTENTS 1. Introduction 1 2. Register with the Information Commissioner s Office 1 3. Period protection rights and duties remain effective 2 4. The data protection

More information

Processor Binding Corporate Rules (BCRs), for intra-group transfers of personal data to non EEA countries

Processor Binding Corporate Rules (BCRs), for intra-group transfers of personal data to non EEA countries Processor Binding Corporate Rules (BCRs), for intra-group transfers of personal data to non EEA countries Sopra HR Software as a Data Processor Sopra HR Software, 2014 / Ref. : 20141120-101114-m 1/32 1.

More information

Recommendations for companies planning to use Cloud computing services

Recommendations for companies planning to use Cloud computing services Recommendations for companies planning to use Cloud computing services From a legal standpoint, CNIL finds that Cloud computing raises a number of difficulties with regard to compliance with the legislation

More information

OVERVIEW. stakeholder engagement mechanisms and WP29 consultation mechanisms respectively.

OVERVIEW. stakeholder engagement mechanisms and WP29 consultation mechanisms respectively. Joint work between experts from the Article 29 Working Party and from APEC Economies, on a referential for requirements for Binding Corporate Rules submitted to national Data Protection Authorities in

More information

Response to the UK Ministry of Justice s Call for Evidence on the European Commission s Data Protection Proposals

Response to the UK Ministry of Justice s Call for Evidence on the European Commission s Data Protection Proposals Response to the UK Ministry of Justice s Call for Evidence on the European Commission s Data Protection Proposals Cloud Legal Project, Queen Mary, University of London This response is made by Christopher

More information

LIABILITY FOR NON-COMPLIANCE WITH DATA PROTECTION OBLIGATIONS

LIABILITY FOR NON-COMPLIANCE WITH DATA PROTECTION OBLIGATIONS LIABILITY FOR NON-COMPLIANCE WITH DATA PROTECTION OBLIGATIONS This document is a rough draft aiming at presenting key provisions, current clauses used in Cloud computing contracts and first drafts on possible

More information

Data protection compliance checklist

Data protection compliance checklist Data protection compliance checklist What is this checklist for? This checklist is drawn up on the basis of analysis of the relevant provisions of European law. Although European law aims at harmonizing

More information

Response to Justice Select Committee's Call for Evidence on the EU Data Protection Framework Proposals. Cloud Legal Project 17 August 2012

Response to Justice Select Committee's Call for Evidence on the EU Data Protection Framework Proposals. Cloud Legal Project 17 August 2012 Response to Justice Select Committee's Call for Evidence on the EU Data Protection Framework Proposals Cloud Legal Project 17 August 2012 1. This response is by Christopher Millard, Alan Cunningham and

More information

Privacy vs Data Protection. PRESENTATION TITLE GOES HERE Eric A. Hibbard, CISSP, CISA Hitachi Data Systems

Privacy vs Data Protection. PRESENTATION TITLE GOES HERE Eric A. Hibbard, CISSP, CISA Hitachi Data Systems Privacy vs Data Protection PRESENTATION TITLE GOES HERE Eric A. Hibbard, CISSP, CISA Hitachi Data Systems Introduction The terms privacy and data protection are often used interchangeable In reality they

More information

Privacy in the cloud. DNB has indicated that it considers cloud computing a form of outsourcing.

Privacy in the cloud. DNB has indicated that it considers cloud computing a form of outsourcing. Privacy in the cloud computing, and the company concerned is required to submit a risk analysis to DNB. 3 Cloud computing entails the saving, processing and using of company data on the servers of a cloud

More information

Data Processing Agreement for Oracle Cloud Services

Data Processing Agreement for Oracle Cloud Services Data Processing Agreement for Oracle Cloud Services Version December 1, 2013 1. Scope and order of precedence This is an agreement concerning the Processing of Personal Data as part of Oracle s Cloud Services

More information

Corporate Compliance: A Global Perspective

Corporate Compliance: A Global Perspective Corporate Compliance: A Global Perspective 6/27/2012 37 Offices in 18 Countries Current Compliance Environment Ever-intensifying regulatory burden new areas of regulation existing regulations becoming

More information

Data Processing Agreement for Oracle Cloud Services

Data Processing Agreement for Oracle Cloud Services Data Processing Agreement for Oracle Cloud Services Version November 3, 2015 1. Scope and order of precedence This agreement (the Data Processing Agreement ) applies to Oracle s Processing of Personal

More information

Privacy Implications of Cloud Computing in Israel

Privacy Implications of Cloud Computing in Israel January 2012 Privacy Implications of Cloud Computing in Israel Adv. Naomi Assia Co-chairman of the Data Protection Committee -ITECHLAW www.computer-law.co.il Cloud Computing One widely accepted definition

More information

COMMUNICATION FROM THE COMMISSION TO THE EUROPEAN PARLIAMENT, THE COUNCIL, THE EUROPEAN ECONOMIC AND SOCIAL COMMITTEE AND THE COMMITTEE OF THE REGIONS

COMMUNICATION FROM THE COMMISSION TO THE EUROPEAN PARLIAMENT, THE COUNCIL, THE EUROPEAN ECONOMIC AND SOCIAL COMMITTEE AND THE COMMITTEE OF THE REGIONS EUROPEAN COMMISSION Brussels, XXX [ ](2011) XXX draft COMMUNICATION FROM THE COMMISSION TO THE EUROPEAN PARLIAMENT, THE COUNCIL, THE EUROPEAN ECONOMIC AND SOCIAL COMMITTEE AND THE COMMITTEE OF THE REGIONS

More information

Privacy and Security Guidance Cloud Computing in the MUSH Sector

Privacy and Security Guidance Cloud Computing in the MUSH Sector dentons.com Privacy and Security Guidance Cloud Computing in the MUSH Sector Operational Privacy Risks and Opportunities in Cloud Computing: A Focus on Municipalities, Universities, School Boards, and

More information

New EU Data Protection legislation comes into force today. What does this mean for your business?

New EU Data Protection legislation comes into force today. What does this mean for your business? 24 th May 2016 New EU Data Protection legislation comes into force today. What does this mean for your business? After years of discussion and proposals, the General Data Protection Regulation ( GDPR )

More information

The eighth data protection principle and international data transfers

The eighth data protection principle and international data transfers Data Protection Act 1998 The eighth data protection principle and international data transfers The Information Commissioner s recommended approach to assessing adequacy including consideration of the issue

More information

CCBE RESPONSE REGARDING THE EUROPEAN COMMISSION PUBLIC CONSULTATION ON CLOUD COMPUTING

CCBE RESPONSE REGARDING THE EUROPEAN COMMISSION PUBLIC CONSULTATION ON CLOUD COMPUTING CCBE RESPONSE REGARDING THE EUROPEAN COMMISSION PUBLIC CONSULTATION ON CLOUD COMPUTING CCBE response regarding the European Commission Public Consultation on Cloud Computing The Council of Bars and Law

More information

Cloud computing and personal data protection. Gwendal LE GRAND Director of technology and innovation CNIL

Cloud computing and personal data protection. Gwendal LE GRAND Director of technology and innovation CNIL Cloud computing and personal data protection Gwendal LE GRAND Director of technology and innovation CNIL 1 Data protection in Europe Directive 95/46/EC Loi 78-17 du 6 janvier 1978 amended in 2004 (France)

More information

29 October 2015 Conference of the Independent Data Protection Authorities of the Federation and the Federal States

29 October 2015 Conference of the Independent Data Protection Authorities of the Federation and the Federal States 29 October 2015 Conference of the Independent Data Protection Authorities of the Federation and the Federal States Key data protection points for the trilogue on the data protection directive in the field

More information

Privacy Level Agreement Outline for the Sale of Cloud Services in the European Union

Privacy Level Agreement Outline for the Sale of Cloud Services in the European Union Privacy Level Agreement Working Group Privacy Level Agreement Outline for the Sale of Cloud Services in the European Union February 2013 The PLA Outline has been developed within CSA by an expert working

More information

Welcome & Introductions

Welcome & Introductions Addressing Data Privacy and Security Compliance in Cloud Computing Benjamin Hayes, Director of Legal Services, Data Privacy Compliance North America Accenture Copyright 2011 Accenture All Rights Reserved.

More information

User tracking: Scope and Implementation eprivacy Directive Article 5(3)

User tracking: Scope and Implementation eprivacy Directive Article 5(3) User tracking: Scope and Implementation eprivacy Directive Article 5(3) Email Sender & Provider Coalition April 3, 2012 Presented By Karin Retzer 2012 Morrison & Foerster LLP All Rights Reserved mofo.com

More information

Information Technology: This Year s Hot Issue - Cloud Computing

Information Technology: This Year s Hot Issue - Cloud Computing Information Technology: This Year s Hot Issue - Cloud Computing Presented by: Alan Sutin Global IP & Technology Practice Group GREENBERG TRAURIG, LLP ATTORNEYS AT LAW WWW.GTLAW.COM 2011. All rights reserved.

More information

Data, Privacy, Cookies and the FTC in 2013. Kevin Stark - ExactTarget Maltie Maraj - ExactTarget Nicholas Merker - Ice Miller

Data, Privacy, Cookies and the FTC in 2013. Kevin Stark - ExactTarget Maltie Maraj - ExactTarget Nicholas Merker - Ice Miller Data, Privacy, Cookies and the FTC in 2013 Kevin Stark - ExactTarget Maltie Maraj - ExactTarget Nicholas Merker - Ice Miller BIOS Kevin Stark: Product Manager at ExactTarget. Focused on data security,

More information

Privacy in the Cloud: Data Protection and Security in Cloud Computing

Privacy in the Cloud: Data Protection and Security in Cloud Computing SPEECH/11/859 Viviane REDING Vice-President of the European Commission, EU Justice Commissioner Privacy in the Cloud: Data Protection and Security in Cloud Computing Round-table High Level conference on

More information

E-COMMERCE GOES MOBILE: SEEKING COMPETITIVENESS THROUGH PRIVACY

E-COMMERCE GOES MOBILE: SEEKING COMPETITIVENESS THROUGH PRIVACY E-COMMERCE GOES MOBILE: SEEKING COMPETITIVENESS THROUGH PRIVACY Oana Dolea 7 th Annual Leg@l.IT Conference March 26th, 2013 Montreal, Canada INTRODUCTION Mobile e-commerce vs. E-commerce Mobile e-commerce:

More information

Personal data and cloud computing, the cloud now has a standard. by Luca Bolognini

Personal data and cloud computing, the cloud now has a standard. by Luca Bolognini Personal data and cloud computing, the cloud now has a standard by Luca Bolognini Lawyer, President of the Italian Institute for Privacy and Data Valorization, founding partner ICT Legal Consulting Last

More information

(a) the kind of data and the harm that could result if any of those things should occur;

(a) the kind of data and the harm that could result if any of those things should occur; Cloud Computing This information leaflet aims to advise organisations on the factors they should take into account in considering engaging cloud computing. It explains the relevance of the Personal Data

More information

Cloud Computing. Patrick Van Eecke. Partner, DLA Piper Brussels Professor Universiteit Antwerpen

Cloud Computing. Patrick Van Eecke. Partner, DLA Piper Brussels Professor Universiteit Antwerpen Cloud Computing Legal issues Patrick Van Eecke Partner, DLA Piper Brussels Professor Universiteit Antwerpen Cloud computing & the law Infrastructure as a Service Data storage e.g. Amazon S3 Platform as

More information

WHITE PAPER Meeting European Data Protection and Security Requirements with CipherCloud Solutions

WHITE PAPER Meeting European Data Protection and Security Requirements with CipherCloud Solutions WHITE PAPER Meeting European Data Protection and Security Requirements with CipherCloud Solutions Meeting European Data Protection and Security Requirements with CipherCloud Solutions 2015 1 TABLE OF CONTENTS

More information

BCS, The Chartered Institute for IT Consultation Response to:

BCS, The Chartered Institute for IT Consultation Response to: BCS, The Chartered Institute for IT Consultation Response to: A Comprehensive Approach to Personal Data Protection in the European Union Dated: 15 January 2011 BCS The Chartered Institute for IT First

More information

Drawing Lines in the Cloud: Jurisdictional Access to Data. Nancy Libin Mary Ellen Callahan

Drawing Lines in the Cloud: Jurisdictional Access to Data. Nancy Libin Mary Ellen Callahan Drawing Lines in the Cloud: Jurisdictional Access to Data Nancy Libin Mary Ellen Callahan OVERVIEW Introduction to Cloud Computing Definition Benefits and Risks How does the physical location of data or

More information

AIRBUS GROUP BINDING CORPORATE RULES

AIRBUS GROUP BINDING CORPORATE RULES 1 AIRBUS GROUP BINDING CORPORATE RULES 2 Introduction The Binding Corporate Rules (hereinafter BCRs ) of the Airbus Group finalize the Airbus Group s provisions on the protection of Personal Data. These

More information

I. Personal data and its use in the business to business environment.

I. Personal data and its use in the business to business environment. RESPONSE FROM THE DIRECT MARKETING ASSOCIATION (UK) LTD. TO THE EUROPEAN COMMISSION'S CONSULTATION ON THE IMPLEMENTATION OF DIRECTIVE 95/46 EC ON THE PROTECTION OF INDIVIDUALS WITH REGARD TO THE PROCESSING

More information

Align Technology. Data Protection Binding Corporate Rules Processor Policy. 2014 Align Technology, Inc. All rights reserved.

Align Technology. Data Protection Binding Corporate Rules Processor Policy. 2014 Align Technology, Inc. All rights reserved. Align Technology Data Protection Binding Corporate Rules Processor Policy Confidential Contents INTRODUCTION TO THIS POLICY 3 PART I: BACKGROUND AND ACTIONS 4 PART II: PROCESSOR OBLIGATIONS 6 PART III:

More information

Proposal of regulation Com 2012 11/4 Directive 95/46/EC Conclusion

Proposal of regulation Com 2012 11/4 Directive 95/46/EC Conclusion Page 1 sur 155 Proposal of regulation Com 2012 11/4 Directive 95/46/EC Conclusion Legal nature of the instrument Règlement Directive Directly applicable act in internal law 91 articles 34 articles Art.

More information

Annex 1. Contract Checklist for Cloud-Based Genomic Research Version 1.0, 21 July 2015

Annex 1. Contract Checklist for Cloud-Based Genomic Research Version 1.0, 21 July 2015 Annex 1. Contract Checklist for Cloud-Based Genomic Research Version 1.0, 21 July 2015 The following comprises a checklist of areas that genomic research organizations or consortia (collectively referred

More information

Insurance Europe key messages on the European Commission's proposed General Data Protection Regulation

Insurance Europe key messages on the European Commission's proposed General Data Protection Regulation Position Paper Insurance Europe key messages on the European Commission's proposed General Data Protection Regulation Our reference: SMC-DAT-12-064 Date: 3 September 2012 Related documents: Proposal for

More information

10227/13 GS/np 1 DG D 2B

10227/13 GS/np 1 DG D 2B COUNCIL OF THE EUROPEAN UNION Brussels, 31 May 2013 10227/13 Interinstitutional File: 2012/0011 (COD) DATAPROTECT 72 JAI 438 MI 469 DRS 104 DAPIX 86 FREMP 77 COMIX 339 CODEC 1257 NOTE from: Presidency

More information

Data Protection Act 1998. Guidance on the use of cloud computing

Data Protection Act 1998. Guidance on the use of cloud computing Data Protection Act 1998 Guidance on the use of cloud computing Contents Overview... 2 Introduction... 2 What is cloud computing?... 3 Definitions... 3 Deployment models... 4 Service models... 5 Layered

More information

Third European Cyber Security Awareness Day BSA, European Parliament, 13 April 2010. Panel IV: Privacy and Cloud Computing

Third European Cyber Security Awareness Day BSA, European Parliament, 13 April 2010. Panel IV: Privacy and Cloud Computing Third European Cyber Security Awareness Day BSA, European Parliament, 13 April 2010 Panel IV: Privacy and Cloud Computing Data Protection and Cloud Computing under EU law Peter Hustinx European Data Protection

More information

Privacy, the Cloud and Data Breaches

Privacy, the Cloud and Data Breaches Privacy, the Cloud and Data Breaches Annelies Moens Head of Sales and Operations, Information Integrity Solutions Legalwise Seminars Sydney, 20 March 2013 About IIS Building trust and privacy through global

More information

ROEHAMPTON UNIVERSITY DATA PROTECTION POLICY

ROEHAMPTON UNIVERSITY DATA PROTECTION POLICY ROEHAMPTON UNIVERSITY DATA PROTECTION POLICY Originated by: Data Protection Working Group: November 2008 Impact Assessment: (to be confirmed) Recommended by Senate: 28 January 2009 Approved by Council:

More information

Data protection issues on an EU outsourcing

Data protection issues on an EU outsourcing Data protection issues on an EU outsourcing Saam Golshani, Alastair Gorrie and Diego Rigatti, Orrick Herrington & Sutcliffe www.practicallaw.com/8-380-8496 Outsourcing can mean subcontracting a process

More information

Cloud Computing: Legal Risks and Best Practices

Cloud Computing: Legal Risks and Best Practices Cloud Computing: Legal Risks and Best Practices A Bennett Jones Presentation Toronto, Ontario Lisa Abe-Oldenburg, Partner Bennett Jones LLP November 7, 2012 Introduction Security and Data Privacy Recent

More information

Presentation by: Dr. Nathalie Moreno Partner. Cloud Computing and Data Protection: an Update 4 October 2012

Presentation by: Dr. Nathalie Moreno Partner. Cloud Computing and Data Protection: an Update 4 October 2012 Presentation by: Dr. Nathalie Moreno Partner Cloud Computing and Data Protection: an Update 4 October 2012 Our team Speechly Bircham is an ambitious, international mid-size fullservice law firm head-quartered

More information

E-PRIVACY DIRECTIVE: Personal Data Breach Notification

E-PRIVACY DIRECTIVE: Personal Data Breach Notification E-PRIVACY DIRECTIVE: Personal Data Breach Notification PUBLIC CONSULTATION BEUC Response Contact: Kostas Rossoglou digital@beuc.eu Ref.: X/2011/092-13/09/11 EC register for interest representatives: identification

More information

Oliver Brettle London. Employee Monitoring in the UK and Generally: Concerns Beyond the EU Data Protection Directive

Oliver Brettle London. Employee Monitoring in the UK and Generally: Concerns Beyond the EU Data Protection Directive Oliver Brettle London Employee Monitoring in the UK and Generally: Concerns Beyond the EU Data Protection Directive 6 th Annual Privacy Law Symposium April 27, 2006 The Focus Part I an overview on data

More information

White Paper: Data Protection In The Cloud. Data Protection In The Cloud

White Paper: Data Protection In The Cloud. Data Protection In The Cloud White Paper: Data Protection In The Cloud Data Protection In The Cloud Introduction The rapid emergence of cloud computing has placed it at the forefront of IT decision making and business strategies.

More information

Briefly summarised, SURFmarket has submitted the following questions to the Dutch DPA:

Briefly summarised, SURFmarket has submitted the following questions to the Dutch DPA: UNOFFICIAL TRANSLATION Written opinion on the application of the Wet bescherming persoonsgegevens [Dutch Data Protection Act] in the case of a contract for cloud computing services from an American provider

More information

The potential legal consequences of a personal data breach

The potential legal consequences of a personal data breach The potential legal consequences of a personal data breach Tue Goldschmieding, Partner 16 April 2015 The potential legal consequences of a personal data breach 15 April 2015 Contents 1. Definitions 2.

More information

FIRST DATA CORPORATION PROCESSOR DATA PROTECTION STANDARDS

FIRST DATA CORPORATION PROCESSOR DATA PROTECTION STANDARDS FIRST DATA CORPORATION PROCESSOR DATA PROTECTION STANDARDS As a world leader in electronic commerce and payment services, First Data Corporation and its subsidiaries ( First Data entity or entities ),

More information

Personal information, for purposes of this Policy, includes any information which relates to an identified or an identifiable person.

Personal information, for purposes of this Policy, includes any information which relates to an identified or an identifiable person. PART I: INTRODUCTION AND BACKGROUND Purpose This Data Protection Binding Corporate Rules Policy ( Policy ) establishes the approach of Fluor to compliance with European data protection law and specifically

More information

Personal Data Protection Policy

Personal Data Protection Policy Personal Data Protection Policy Please take a moment to read the following Policy. If there is anything you do not understand then please contact us. We are committed to protecting privacy. This Personal

More information

LIMITE EN COUNCIL OF THE EUROPEAN UNION. Brussels, 3 February 2012 5999/12 LIMITE JAI 53 USA 2 DATAPROTECT 13 RELEX 76

LIMITE EN COUNCIL OF THE EUROPEAN UNION. Brussels, 3 February 2012 5999/12 LIMITE JAI 53 USA 2 DATAPROTECT 13 RELEX 76 COUNCIL OF THE EUROPEAN UNION Brussels, 3 February 2012 5999/12 LIMITE JAI 53 USA 2 DATAPROTECT 13 RELEX 76 NOTE from: Commission services to: JHA Counsellors No. prev. doc.: 17480/10 JAI 1049 USA 127

More information

AMENDMENTS TO THE DRAFT DATA PROTECTION REGULATION PROPOSED BY BITS OF FREEDOM

AMENDMENTS TO THE DRAFT DATA PROTECTION REGULATION PROPOSED BY BITS OF FREEDOM AMENDMENTS TO THE DRAFT DATA PROTECTION REGULATION PROPOSED BY BITS OF FREEDOM On 25 January 2012, the European Commission published a proposal to reform the European data protection legal regime. One

More information

Adopted on 26 November 2014

Adopted on 26 November 2014 ARTICLE 29 DATA PROTECTION WORKING PARTY 14/EN WP 225 GUIDELINES ON THE IMPLEMENTATION OF THE COURT OF JUSTICE OF THE EUROPEAN UNION JUDGMENT ON GOOGLE SPAIN AND INC V. AGENCIA ESPAÑOLA DE PROTECCIÓN DE

More information

Data Protection Ensuring high level of privacy while promoting business innovation and competition

Data Protection Ensuring high level of privacy while promoting business innovation and competition Data Protection Ensuring high level of privacy while promoting business innovation and competition Tele2 AB, Skeppsbron 18 P.O Box 2094, SE-103 13 STOCKHOLM, SWEDEN Tel +46 8 5620 0000, Fax +46 8 5620

More information

ARTICLE 29 DATA PROTECTION WORKING PARTY

ARTICLE 29 DATA PROTECTION WORKING PARTY ARTICLE 29 DATA PROTECTION WORKING PARTY 00658/13/EN WP 204 Explanatory Document on the Processor Binding Corporate Rules Adopted on 19 April 2013 This Working Party was set up under Article 29 of Directive

More information

Align Technology. Data Protection Binding Corporate Rules Controller Policy. 2014 Align Technology, Inc. All rights reserved.

Align Technology. Data Protection Binding Corporate Rules Controller Policy. 2014 Align Technology, Inc. All rights reserved. Align Technology Data Protection Binding Corporate Rules Controller Policy Contents INTRODUCTION 3 PART I: BACKGROUND AND ACTIONS 4 PART II: CONTROLLER OBLIGATIONS 6 PART III: APPENDICES 13 2 P a g e INTRODUCTION

More information

Data controllers and data processors: what the difference is and what the governance implications are

Data controllers and data processors: what the difference is and what the governance implications are ICO lo : what the difference is and what the governance implications are Data Protection Act Contents Introduction... 3 Overview... 3 Section 1 - What is the difference between a data controller and a

More information

OPINION MAY 2012 ON CLOUD COMPUTING Article 29 Data Protection Working Party (July 1, 2012)

OPINION MAY 2012 ON CLOUD COMPUTING Article 29 Data Protection Working Party (July 1, 2012) OPINION MAY 2012 ON CLOUD COMPUTING Article 29 Data Protection Working Party (July 1, 2012) ARTICLE 29 DATA PROTECTION WORKING PARTY 01037/12/EN WP 196 Opinion 05/2012 on Cloud Computing Adopted July 1

More information

GDPR & Cloud Providers Keynote Presentation

GDPR & Cloud Providers Keynote Presentation Cloudscape VII 9 March 2015 GDPR & Cloud Providers Keynote Presentation Kuan Hon Research Consultant, Cloud Legal Project & MCCRC Centre for Commercial Law Studies Queen Mary, University of London w.k.hon@qmul.ac.uk

More information

European Privacy Reporter

European Privacy Reporter Is this email not displaying correctly? Try the web version or print version. ISSUE 02 European Privacy Reporter An Update on Legal Developments in European Privacy and Data Protection November 2012 In

More information

EUROPEAN PARLIAMENT 2009-2014. Committee on Industry, Research and Energy. of the Committee on Industry, Research and Energy

EUROPEAN PARLIAMENT 2009-2014. Committee on Industry, Research and Energy. of the Committee on Industry, Research and Energy EUROPEAN PARLIAMT 2009-2014 Committee on Industry, Research and Energy 2012/0011(COD) 26.02.2013 OPINION of the Committee on Industry, Research and Energy for the Committee on Civil Liberties, Justice

More information

Inhouse Masterclass: Data Developments - Cyber Security & the Right to be Forgotten. MHC.ie

Inhouse Masterclass: Data Developments - Cyber Security & the Right to be Forgotten. MHC.ie Inhouse Masterclass: Data Developments - Cyber Security & the Right to be Forgotten MHC.ie Rewriting the Past Oisin Tobin otobin@mhc.ie Agenda 1. Background 2. Findings and impact: a) Jurisdiction b) A

More information

DATRET/EXPGRP (2009) 6 FINAL 11 10 2010. Document 6

DATRET/EXPGRP (2009) 6 FINAL 11 10 2010. Document 6 DATRET/EXPGRP (2009) 6 FINAL 11 10 2010 EXPERTS GROUP "THE PLATFORM FOR ELECTRONIC DATA RETENTION FOR THE INVESTIGATION, DETECTION AND PROSECUTION OF SERIOUS CRIME" ESTABLISHED BY COMMISSION DECISION 2008/324/EC

More information

COMMISSION STAFF WORKING DOCUMENT. on the existing EU legal framework applicable to lifestyle and wellbeing apps. Accompanying the document

COMMISSION STAFF WORKING DOCUMENT. on the existing EU legal framework applicable to lifestyle and wellbeing apps. Accompanying the document EUROPEAN COMMISSION Brussels, 10.4.2014 SWD(2014) 135 final COMMISSION STAFF WORKING DOCUMENT on the existing EU legal framework applicable to lifestyle and wellbeing apps Accompanying the document GREEN

More information

FRANCE. Chapter XX OVERVIEW

FRANCE. Chapter XX OVERVIEW Chapter XX FRANCE Merav Griguer 1 I OVERVIEW France has an omnibus privacy, data protection and cybersecurity framework law. As a member of the European Union, France has implemented the EU Data Protection

More information

Cloud Computing and Privacy Laws! 17.7. 22.7. 2011 Prof. Dr. Thomas Fetzer, LL.M. Technische Universität Dresden Law School

Cloud Computing and Privacy Laws! 17.7. 22.7. 2011 Prof. Dr. Thomas Fetzer, LL.M. Technische Universität Dresden Law School DEUTSCH-FRANZÖSISCHE SOMMERUNIVERSITÄT! FÜR NACHWUCHSWISSENSCHAFTLER 2011! CLOUD COMPUTING : HERAUSFORDERUNGEN UND MÖGLICHKEITEN UNIVERSITÉ DʼÉTÉ FRANCO-ALLEMANDE POUR JEUNES CHERCHEURS 2011! CLOUD COMPUTING

More information

Council of the European Union Brussels, 26 June 2015 (OR. en)

Council of the European Union Brussels, 26 June 2015 (OR. en) Council of the European Union Brussels, 26 June 2015 (OR. en) Interinstitutional File: 2012/0011 (COD) 9985/1/15 REV 1 LIMITE DATAPROTECT 103 JAI 465 MI 402 DIGIT 52 DAPIX 100 FREMP 138 COMIX 281 CODEC

More information

CLOUD COMPUTING ISSUES FOR SCHOOL DISTRICTS. Presented to the 2013 BRADLEY F. KIDDER LAW CONFERENCE. October 2, 2013

CLOUD COMPUTING ISSUES FOR SCHOOL DISTRICTS. Presented to the 2013 BRADLEY F. KIDDER LAW CONFERENCE. October 2, 2013 CLOUD COMPUTING ISSUES FOR SCHOOL DISTRICTS Presented to the 2013 BRADLEY F. KIDDER LAW CONFERENCE October 2, 2013 By: Diane M. Gorrow Soule, Leslie, Kidder, Sayward & Loughman, P.L.L.C. 220 Main Street

More information

Using AWS in the context of Australian Privacy Considerations October 2015

Using AWS in the context of Australian Privacy Considerations October 2015 Using AWS in the context of Australian Privacy Considerations October 2015 (Please consult https://aws.amazon.com/compliance/aws-whitepapers/for the latest version of this paper) Page 1 of 13 Overview

More information

Plus500UK Limited. Statement on Privacy and Cookie Policy

Plus500UK Limited. Statement on Privacy and Cookie Policy Plus500UK Limited Statement on Privacy and Cookie Policy Statement on Privacy and Cookie Policy This website is operated by Plus500UK Limited ("we, us or our"). It is our policy to respect the confidentiality

More information

Proposal for a REGULATION OF THE EUROPEAN PARLIAMENT AND OF THE COUNCIL

Proposal for a REGULATION OF THE EUROPEAN PARLIAMENT AND OF THE COUNCIL EUROPEAN COMMISSION Brussels, 25.1.2012 COM(2012) 11 final 2012/0011 (COD) Proposal for a REGULATION OF THE EUROPEAN PARLIAMENT AND OF THE COUNCIL on the protection of individuals with regard to the processing

More information

Data Protection, Software Licenses and other Legal Issues in the Cloud

Data Protection, Software Licenses and other Legal Issues in the Cloud Data Protection, Software Licenses and other Legal Issues in the Cloud Dr. Hendrik Schöttle Rechtsanwalt, Fachanwalt für IT-Recht OSDC 2012, Nuremberg 26. April 2012 Overview Introduction Data Protection

More information

Proposal for a REGULATION OF THE EUROPEAN PARLIAMENT AND OF THE COUNCIL

Proposal for a REGULATION OF THE EUROPEAN PARLIAMENT AND OF THE COUNCIL EUROPEAN COMMISSION Brussels, XXX COM(2012) 11/3 draft Proposal for a REGULATION OF THE EUROPEAN PARLIAMENT AND OF THE COUNCIL on the protection of individuals with regard to the processing of personal

More information

Cloud Security under the EU Data Protection Directive and draft General Data Protection Regulation

Cloud Security under the EU Data Protection Directive and draft General Data Protection Regulation ENISA EU28 Cloud Security Conference 16 June 2015 Cloud Security under the EU Data Protection Directive and draft General Data Protection Regulation Kuan Hon Senior Researcher, Cloud Legal Project & Microsoft

More information

Data transfers in the Cloud

Data transfers in the Cloud Data transfers in the Cloud Rapporteur: Emmanuelle Bartoli Meeting date: 28 th March 2014 1 The purpose of this document is to explore options for how contracts between Cloud providers and consumers and

More information