Privacy and Access 20/20 Conference. Data Sovereignty and Data Localization. Does it matter?

Similar documents
Protecting Saskatchewan data the USA Patriot Act

INFORMATION SECURITY GUIDE. Cloud Computing Outsourcing. Information Security Unit. Information Technology Services (ITS) July 2013

FACEBOOK STATEMENT RICHARD ALLAN NOVEMBER 11, My name is Richard Allan, and I am the Director of Public Policy

CLOUD COMPUTING & THE PATRIOT ACT: A RED HERRING?

Safe Harbour Agreement no longer a valid basis for EEA to US transfers of personal data

Global Privacy and Data Security in the Cloud September 14, 2011 Miriam Wugmeister

Context. To cloud or not to cloud, that is a very serious question. Legal challenges in a post Safe Harbour and pre GDPR cloud world

AUDITING AND ENFORCEMENT AT THE SPANISH DPA. EXPERIENCE WITH OUTSOURCING TO COUNTRIES WITH A NON ADEQUATE LEVEL OF PROTECTION

DSCI Inputs on TRAI Consultation on Regulatory Framework for OTT services

WHITE PAPER Meeting European Data Protection and Security Requirements with CipherCloud Solutions

Future Proof Your ediscovery Practices

John O. Brennan Central Intelligence Agency Office of Public Affairs Washington, D.C November 4, Mr. Brennan:

Using AWS in the context of Australian Privacy Considerations October 2015

Legal Profession Amendment (Fixed Costs) Regulation 2013

LSSA Guidelines on the Use of Internet-Based Technologies in Legal Practice

GSK Public policy positions

CANADIAN PRIVACY AND DATA RESIDENCY REQUIREMENTS. White Paper

CCBE RESPONSE REGARDING THE EUROPEAN COMMISSION PUBLIC CONSULTATION ON CLOUD COMPUTING

Cloud Computing Contracts. October 11, 2012

Cloud computing and personal data protection. Gwendal LE GRAND Director of technology and innovation CNIL

Data Management: Considerations for Integrating Compliance Requirements At Home and Abroad. Toronto, Ontario June 14, 2005

Privacy and data protection in a post-snowden world. Carly Nyst Head of International Advocacy

M&T BANK CANADIAN PRIVACY POLICY

The HR Skinny: Effectively managing international employee data flows

Whistleblowers How to mitigate the multiplying threats to your business

THE TRANSFER OF PERSONAL DATA ABROAD

Cloud Computing: Privacy & Jurisdiction from a Canadian Perspective

Government Surveillance, Hacking, and Network Security: What Can and Should Carriers Do? Kent Bressie PITA AGM, Tonga April 2015

The cloud thing: Privacy and cloud computing

The North Atlantic Treaty (1949)

Cybersecurity and Data Breach: Mitigating Risk and How Government Policymakers Approach These Critical Issues

Bill C-51, Anti-terrorism Act, 2015 Executive Summary

Review of Building the Canadian Advantage: a Corporate Social Responsibility Strategy for the Canadian International Extractive Sector

AskAvanade: Answering the Burning Questions around Cloud Computing

Acquia Comments on EU Recommendations for Data Processing in the Cloud

SUBMISSION TO THE SPECIAL COMMITTEE TO REVIEW TRANSBORDER DATA FLOWS AND THEIR REGULATION THE FREEDOM OF INFORMATION AND PROTECTION OF PRIVACY ACT

Brad Smith, General Counsel & Executive Vice President, Legal and Corporate Affairs, Microsoft

Cloud Security Trust Cisco to Protect Your Data

As part of their course on law and/or sociology in this module, participants will be able to:

THE PHONE RINGS FROM DOWN SOUTH: WHAT ISSUES SHOULD I CONSIDER FOR EXPANDING MY U.S. FRANCHISE INTO CANADA?

Doing Business. A Practical Guide. casselsbrock.com. Canada. Dispute Resolution. Foreign Investment. Aboriginal. Securities and Corporate Finance

Joint Innovate UK and CW Legal SIG Event - Internet of Things Workshop - 17th March Contracting for IoT

Privacy vs Data Protection. PRESENTATION TITLE GOES HERE Eric A. Hibbard, CISSP, CISA Hitachi Data Systems

Committee on Civil Liberties, Justice and Home Affairs - The Secretariat - Background Note on

Irish Tax Institute. Response to OECD Discussion Draft: Make Dispute Resolution Mechanisms More Effective

Cloud Computing: Privacy and Other Risks

Industry Engagement Event. CLOUD COMPUTING SOLUTIONS CONSULTATION EN /A November 13 th, 2014 Delta Hotel, Ottawa.

FORM F1 Calculation of Excess Working Capital. Firm Name. Capital Calculation (as at with comparative figures as at )

Minister Shatter presents Presidency priorities in the JHA area to European Parliament

White paper Reaping Business Value from a Hybrid Cloud Strategy

Data Privacy in the Cloud: A Dozen Myths & Facts

SASKATCHEWAN OFFICE OF THE INFORMATION AND PRIVACY COMMISSIONER INVESTIGATION REPORT F Saskatchewan Workers Compensation Board

FACTORING AND FINANCING IN CANADA WHAT EVERY U.S. FACTOR AND LAWYER WANTS TO KNOW ABOUT PURCHASING AND TAKING SECURITY ON CANADIAN RECEIVABLES

ANGUILLA FINANCIAL SERVICES COMMISSION

Intellectual Property Rights In China

The United States Federal Trade Commission ("FTC") and the Office of the Data Protection Commissioner of Ireland (collectively, "the Participants"),

Civil Antitrust Litigation in the United States: Implications for Ireland and the European Community

(U) Appendix E: Case for Developing an International Cybersecurity Policy Framework

AlixPartners, LLP. General Data Protection Statement

Credit Union Liability with Third-Party Processors

Privacy & Data Security: The Future of the US-EU Safe Harbor

PRINCIPLES OF INTERNATIONAL LAW

WILLS AND CROSS-BORDER ASSETS

Transcription:

Privacy and Access 20/20 Conference Data Sovereignty and Data Localization Does it matter? 13 November 2015 1

Overview To focus the mind: Microsoft vs. USA 2015 Stepping back to leap forward: The basic notions of sovereignty and data localization The practical context: International national security and public safety enforcement coordination Storage in the cloud Setting realistic goals in a connected world 13 November 2015 2

Microsoft vs US 2015 (Microsoft Ireland case) US search warrant against Microsoft for personal information held by Microsoft Services in Ireland Microsoft s refusal based on non-application of US law in Ireland thus requiring use of MLAT US DoJ argument that criteria is not residency of data but control and custody Ireland would be pleased to consider, as expeditiously as possible, a request under the treaty, should one be made. 13 November 2015 3

Upshot Whoever wins, the data will be within US reach By U.S. warrant under U.S. Stored Communications Act or By Irish warrant through MLAT which Ireland is ready to concede What about data sovereignty and localization? 13 November 2015 4

Sovereignty The power of a State to govern a defined territory Territorial link is defined by Physical location (of victim, act, parties, etc. ) Rules of international law (jurisdiction in the high seas, immunity of embassies ) In what territory is data localized? 13 November 2015 5

Data localisation Local: on local servers Limited accessibility Multinational: on data centres held by multinationals Limited but wide accessibility International: on cloud Variable accessibility But does it matter? 13 November 2015 6

The practical context Mutual legal assistance treaties (MLATs) allow State signatories to exchange personal information for law enforcement Letters rogatory, from foreign to Canadian court, seek assistance such as obtaining records, in the absence of an MLAT Inapplicability of the Canadian Charter of Rights and Freedoms to foreign authorities on information gathering U.S. vs Viscomi ONCA 2015 13 November 2015 7

Multinational storage on cloud allows multinational accessibility Five Eyes intelligence alliance for joint cooperation in signals intelligence is an information sharing space for Canada, US, Australia, New Zealand and UK. So what about sovereignty and localisation? 13 November 2015 8

Data sovereignty and data localisation in a connected world 1 International norms ISO 27018 Code of practice for protection of personally identifiable information (PII) in public clouds acting as PII processors New Safe Harbor, models clauses and BCRs Technological protections Default encryption 13 November 2015 9

Data sovereignty and data localisation in a connected world 2 Political protections Limitation of collection and sharing through legislative amendments Oversight of information sharing Supporting EU pressure on US law enforcement access Requiring compliance with ISO 27018 as an industry standard for privacy on the cloud Exclusion of States with dubious court records Justice O Connor, Arar Inquiry 13 November 2015 10

In a word Data localization matters in process not outcomes In a democracy, process is the value Data protection in a connected world rests on process 13 November 2015 11

Thank you Dentons Canada LLP 99 Bank Street Suite 1420 Ottawa, Ontario K1P 1H4 Canada Dentons is a global law firm driven to provide a competitive edge in an increasingly complex and interconnected world. A top 20 firm on the Acritas 2014 Global Elite Brand Index, Dentons is committed to challenging the status quo in delivering consistent and uncompromising quality in new and inventive ways. Dentons' clients now benefit from 3,000 lawyers and professionals in more than 80 locations spanning 50-plus countries. With a legacy of legal experience that dates back to 1742 and builds on the strengths of our foundational firms Salans, Fraser Milner Casgrain (FMC), SNR Denton and McKenna Long & Aldridge the Firm serves the local, regional and global needs of private and public clients. www.dentons.com. 2015 Dentons. Dentons is a global legal practice providing client services worldwide through its member firms and affiliates. This document is not designed to provide legal or other advice and you should not take, or refrain from taking, action based on its content. We are providing information to you on the basis you agree to keep it confidential. If you give us confidential information but do not instruct or retain us, we may act for another client on any matter to which that confidential information may be relevant. Please see dentons.com for Legal Notices.

2026 © DocPlayer.net Privacy Policy | Terms of Service | Feedback  | Do Not Sell My Personal Information