Posted by marieandreeweiss on August 22, 2011 · 1 Comment
The National Assembly report also looks at cloud computing, which offers many economic advantages for businesses, and even for governments, but whose use is not without risks for the security of personal data. (Part 3 of our series)
Filed under Europe, European Union, Français, France, Marie-Andrée Weiss, Outlines, Reports & Surveys · Tagged with Agence Danoise de protection des données, Assemblée nationale française, Centres de données, cloud computing, CNIL, Commission nationale de l’informatique et des libertés, confidentialité des données, Congrès américain, Conseil Supérieur de la Propriété Littéraire et Artistique, CSPLA, data centers, externalisation, FCC, Federal Communications Commission, Google, IaaS, Informatique en Nuage, Infrastructure as a Service, Julius Genachowski, PaaS, Platform as a Service, SaaS, Software as a Service, sous-traitance, sous-traitant, Union européenne, vie privée
The Brazilian Government recently began a public consultation process on the Draft Bill on Personal Data Protection. Following in the footsteps of countries such as Mexico and Uruguay, the proposal addresses topics such as information security and the obligation of those responsible for data processing to give notice of security breaches. Meanwhile, Phorm, a company that was driven out of the United Kingdom two years ago for using “deep packet inspection” technology without the consent of Internet users, and that for this reason is currently the subject of a criminal investigation on the European continent that has already lasted two years, is testing its tracking services at the two largest Internet providers in Brazil. We will discuss why it is time for Latin America's largest economy to hold a public debate on privacy and to enact its own regulations on data protection and security breach notification.
(Abstract also available in English.)
Filed under Brazil, Cédric Laurant, Latin America, Law, Opinions, Português, Renato Leite Monteiro, South America, South American Law · Tagged with agencias de inteligência, América Latina, Anteprojeto de Lei sobre privacidade e proteção de dados pessoais (Brasil), Argentina, Autoridade de Garantia (Brasil), bancos de dados, California Security Breach Notification Act, Código de Defesa do Consumidor (Brasil), conscientização, Conselho Nacional de Proteção de Dados Pessoais (Brasil), dados pessoais, Decreto N° 414/009 del 31 agosto 2009 (Uruguay), deep packet inspection, difamação, direito de acesso, direito fundamental, Diretiva 2009/136/EC (UE), espionajem, Estado da California, falhas de segurança, falsa privacidade, furto de identidade, Google, informações confidenciais, insegurança jurídica, Internet, intimidade, Lei de Proteção de Dados Pessoais (Brasil), Ley Federal de Protección de Datos Personales en Posesión de los Particulares (México), manejo de dados pessoais, México, notificação de falhas da segurança, Phorm, Privacidade, Proteção de Dados, provedores de acesso à Internet, publicidade, redes sociais, requisições de retirada de conteúdo, segurança, segurança jurídica, sociabilidade, tecnologias da informação, Uruguai, vazamento de informações confidenciais, violação ao direito de privacidade
Are ‘clouds’ located outside the European Union unlawful?
Posted by "Security Breaches" Administrator on July 16, 2010 · 3 Comments
A central aspect of every cloud service contract is the security of data processing. It is therefore important, if only for liability reasons, that responsibility for specific security measures be clearly assigned. This can be done by using security service level agreements between the cloud service provider and its client that clearly assign who is responsible for which particular security measure.
Storing data in a cloud located outside the EU raises specific legal compliance issues. According to some experts, such clouds are even unlawful. There are, however, some ways to make sure that, even if a data controller stores data in a cloud located in a third country, he is still in compliance with German data protection law. To satisfy the adequate level of data protection requirement, a data exporter must use specific standard contractual clauses for all contracts with a cloud service company located outside the EU. Binding corporate rules are the alternative solution, though only for private clouds.
Filed under Cédric Laurant, Comments, English, EU Law, Europe, European Union, Germany, Marie-Andrée Weiss, Outlines · Tagged with adequate level of data protection, anonymization, Argentina, Article 26 (EU DP Dir.), Article 29 Working Party, BDSG, Binding corporate rules, Bundesdatenschutzgesetz, cloud computing, cloud service contract, cloud service provider, confidentiality, data controller, data processing security, Data Protection Authority, data protection law, data security, data security breaches, Datenschutzzentrum, Düsseldorfer Kreis, Dr. Thilo Weichert, encryption, EU Directive 95/46/EC, European Commission, European Privacy Seal, EuroPriSe, external audit, German Federal Data Protection Act, Germany, Google, IaaS, integrity, liability, PaaS, personal data, private cloud, pseudonym, public cloud, SaaS, Safe Harbor Framework, Safe Harbor self-certification, SAS 70, Security Service Level Agreement, standard contractual clauses, State of Schleswig-Holstein, Switzerland, third country, third party, United States, Yahoo