Are ‘clouds’ located outside the European Union unlawful?

Threatening cloud (New York, NY) - Marie-Andrée Weiss, 2010

A central aspect of every cloud service contract is the security of data processing. It is therefore important, if only for liability reasons, that responsibility for specific security measures be clearly assigned. This can be done by using security service level agreements between the cloud service provider and its client that clearly assign who is responsible for which particular security measure.
Storing data in a cloud located outside the EU raises specific legal compliance issues. According to some experts, such clouds are even unlawful. There are, however, some ways to make sure that, even if a data controller stores data into a cloud located in a third country, he is still in compliance with German data protection law. A data exporter must use, in order to satisfy the adequate level of data protection requirement, specific standard contractual clauses for all contracts with a cloud service company located outside the EU. Binding corporate rules are the alternative solution, though only for private clouds.

Rate this:

The Safe Harbor Framework: not a “safe harbor” anymore for US companies? German expert body insists on stronger compliance stance

Carantec Harbor (Port de Carantec), Brittany, France - (c) 2009 Cédric Laurant

On April 29, 2010, the Düsseldorfer Kreis, an informal group of German data protection authorities, published a decision that could have significant repercussions on U.S. companies importing personal data from organizations operating in the European Union. One of these repercussions is that German organizations exporting personal data to the United States should check if the U.S. data importer does indeed comply with the Safe Harbor Framework. Security plan recommendations will provide for a useful guideline to E.U. data exporters to help them comply with the Safe Harbor’s Security Principle.

Rate this:

  • Blog authors

  • Copyright notice

    © Copyright 2010-2014 "Information Security Breaches & The Law".
    All rights reserved, unless noted otherwise under each author's post, page or other material.
    If you would like to discuss licensing terms, contact us at: info [at] security-breaches [dot] com.

  • Enter your e-mail address here to follow this blog and receive notifications of new posts by e-mail.

  • The “Global Information Security Breach Professionals” Group on Linkedin

  • Wordpress Blog Stats

    • 31,617 hits
Follow

Get every new post delivered to your Inbox.

Join 438 other followers