European Union Regulatory Issues
International Transfer of Personal Information
With respect to international data transfers, the EU Data Protection Directive prohibits the transfer of personal information of EU residents out of the EU without companies have the “adequate” level of protection. The US is among those countries because it has no national data-privacy laws that meet EU standards. The EU prohibits data transfers from the EU, unless a viable legal mechanism for transfer is implemented. For example, if US companies need to obtain and use EU-origin personal data, companies must comply with this Directive through agreements or the US-EU Safe Harbor Framework.
Classification as Data Controllers and Service Providers
Whether an entity is classified as a data controller or processor affects the liability of the entity for compliance with EU data protection requirements. In particular, it is pertinent that the entity/cloud vendor enter into a data processing agreement with third parties to ensure legal requirements are met.
For more information on how the EU sees cloud computing, see the the European Commission's Information Society & Directorate-General's report titled The European Union: The Future of Cloud Computing: Opportunities for European Cloud Computing Beyond 2010.
Rest of the World
|The Personal Information Protection and Electronic Documents Act (PIPEDA) is a Canadian law relating to data privacy. Recently, the Office of Privacy Commissioner of Canada launched a consultation on the privacy implications of cloud computing.|
For Global Data Protection Laws around the world, please visit the Privacy International Organization’s International Survey of Privacy Laws & Developments.
- Tanya Forsheit, Legal Implications of Cloud Computing (Privacy and the Cloud), Information Law Group (Sept. 30, 2009) available at http://www.infolawgroup.com/2009/09/articles/cloud-computing-1/legal-implications-of-cloud-computing-part-two-privacy-and-the-cloud/ (last visited Mar. 26, 2010).
- Lisa Sotto, Cloud Computing, BNA Privacy & Security L. Report, 9PVLR 269, Feb. 15, 2010 available at http://lawprofessors.typepad.com/law_librarian_blog/2010/02/privacy-and-data-security-risks-in-cloud-computing.html (last visited March 26, 2010).
- Tim Greene, Schneier: Fight for Privacy or Kiss it Good-Bye, Network World, Mar. 9, 2010, available at http://www.networkworld.com/news/2010/030910-schneier-privacy.html