Webinar Cloud Edps
-
Upload
kakushin-group -
Category
Technology
-
view
488 -
download
0
description
Transcript of Webinar Cloud Edps
![Page 1: Webinar Cloud Edps](https://reader036.fdocuments.us/reader036/viewer/2022082915/546cfbcaaf795971298b50f1/html5/thumbnails/1.jpg)
Eu
rop
ean
Data
Pro
tecti
on
Su
perv
isor
Cloud Computing Europe 2010, 1st March
Applying EU Data Protection
to Cloud Computing
Rosa Barcelo
Legal adviser
European Data Protection Supervisor
![Page 2: Webinar Cloud Edps](https://reader036.fdocuments.us/reader036/viewer/2022082915/546cfbcaaf795971298b50f1/html5/thumbnails/2.jpg)
Eu
rop
ean
Data
Pro
tecti
on
Su
perv
isor
Cloud Computing Europe 2010, 1st March
Privacy risks in a nutshell
![Page 3: Webinar Cloud Edps](https://reader036.fdocuments.us/reader036/viewer/2022082915/546cfbcaaf795971298b50f1/html5/thumbnails/3.jpg)
Eu
rop
ean
Data
Pro
tecti
on
Su
perv
isor
Cloud Computing Europe 2010, 1st March
Privacy risks in a nutshell I
• Cloud computing from a privacy perspective:
─ Many cloud applications for consumers
─ Terabytes of data (some sensitive)─ Stored in centres around the world
• Risks:
![Page 4: Webinar Cloud Edps](https://reader036.fdocuments.us/reader036/viewer/2022082915/546cfbcaaf795971298b50f1/html5/thumbnails/4.jpg)
Eu
rop
ean
Data
Pro
tecti
on
Su
perv
isor
Cloud Computing Europe 2010, 1st March
Privacy risks in a nutshell II
– Security glitches (unintended)– Hacking– Risk of use of data for unrelated purposes– Accessibility restrictions (losing control)– Data stored in countries with poor data
protection laws– Wiretapping by Governments
![Page 5: Webinar Cloud Edps](https://reader036.fdocuments.us/reader036/viewer/2022082915/546cfbcaaf795971298b50f1/html5/thumbnails/5.jpg)
Eu
rop
ean
Data
Pro
tecti
on
Su
perv
isor
Cloud Computing Europe 2010, 1st March
Application of EU data protection
legislation
![Page 6: Webinar Cloud Edps](https://reader036.fdocuments.us/reader036/viewer/2022082915/546cfbcaaf795971298b50f1/html5/thumbnails/6.jpg)
Eu
rop
ean
Data
Pro
tecti
on
Su
perv
isor
Cloud Computing Europe 2010, 1st March
Application of EU data protection legislation I
• If Directives apply, cloud provider must (if it is “controller”):
−Ensure the security of the data and subsequent responsibility (Art 17)
‾ Provide information to individuals (Art 10)
![Page 7: Webinar Cloud Edps](https://reader036.fdocuments.us/reader036/viewer/2022082915/546cfbcaaf795971298b50f1/html5/thumbnails/7.jpg)
Eu
rop
ean
Data
Pro
tecti
on
Su
perv
isor
Cloud Computing Europe 2010, 1st March
Application of EU data protection legislation II
─Application of the purpose limitation principle (Article 6)
─Restriction on international data transfers (Arts 25 and 26)
─Retention principle (Art 6)─Access rights (Art 14)
![Page 8: Webinar Cloud Edps](https://reader036.fdocuments.us/reader036/viewer/2022082915/546cfbcaaf795971298b50f1/html5/thumbnails/8.jpg)
Eu
rop
ean
Data
Pro
tecti
on
Su
perv
isor
Cloud Computing Europe 2010, 1st March
Application of EU data protection legislation III
•Responsibilities if cloud computing provider fails to fulfill its obligations
•Authorities have enforcement powers
•Sanctions
![Page 9: Webinar Cloud Edps](https://reader036.fdocuments.us/reader036/viewer/2022082915/546cfbcaaf795971298b50f1/html5/thumbnails/9.jpg)
Eu
rop
ean
Data
Pro
tecti
on
Su
perv
isor
Cloud Computing Europe 2010, 1st March
Challenges and gaps in EU data
protection legislation
![Page 10: Webinar Cloud Edps](https://reader036.fdocuments.us/reader036/viewer/2022082915/546cfbcaaf795971298b50f1/html5/thumbnails/10.jpg)
Eu
rop
ean
Data
Pro
tecti
on
Su
perv
isor
Cloud Computing Europe 2010, 1st March
The Challenges I
•Is the cloud provider a data controller or a processor?
–The responsibilities are different; –Probably, processor but it will depend
on the circumstances;
![Page 11: Webinar Cloud Edps](https://reader036.fdocuments.us/reader036/viewer/2022082915/546cfbcaaf795971298b50f1/html5/thumbnails/11.jpg)
Eu
rop
ean
Data
Pro
tecti
on
Su
perv
isor
Cloud Computing Europe 2010, 1st March
The Challenges II
•Determining whether the Directives apply:─Controller is established in the EU─Controller not established in the EU
but uses equipment located in the EU for the processing of personal data
![Page 12: Webinar Cloud Edps](https://reader036.fdocuments.us/reader036/viewer/2022082915/546cfbcaaf795971298b50f1/html5/thumbnails/12.jpg)
Eu
rop
ean
Data
Pro
tecti
on
Su
perv
isor
Cloud Computing Europe 2010, 1st March
The Challenges III
• Compliance with provisions on international data transfers:
– Is it a data transfer? (Bodil Lindqvist)– Notification to authorities– Safe Harbour and adequacy findings– Putting contracts in place – BCRs & others
• Difficult to apply the rules in case of multiple transfers which are often the case
![Page 13: Webinar Cloud Edps](https://reader036.fdocuments.us/reader036/viewer/2022082915/546cfbcaaf795971298b50f1/html5/thumbnails/13.jpg)
Eu
rop
ean
Data
Pro
tecti
on
Su
perv
isor
Cloud Computing Europe 2010, 1st March
The Challenges & Gaps IV •If cloud client is an individual
using the cloud for private purposes (eg calendar, storing pictures):
–Similar to Picasa; –Does the Directive apply at all? Is there a lacuna and thus a lack of protection?
–What are the responsibilities of the cloud provider in such cases?
![Page 14: Webinar Cloud Edps](https://reader036.fdocuments.us/reader036/viewer/2022082915/546cfbcaaf795971298b50f1/html5/thumbnails/14.jpg)
Eu
rop
ean
Data
Pro
tecti
on
Su
perv
isor
Cloud Computing Europe 2010, 1st March
The Challenges & Gaps V
•WP 29 expected guidance
•Changes in the Data Protection Directive
─New principles: Privacy by design, accountability
– Updated rules on international data transfers
– Specific rules for cloud computing?
![Page 15: Webinar Cloud Edps](https://reader036.fdocuments.us/reader036/viewer/2022082915/546cfbcaaf795971298b50f1/html5/thumbnails/15.jpg)
Eu
rop
ean
Data
Pro
tecti
on
Su
perv
isor
Cloud Computing Europe 2010, 1st March
Conclusions
• When engaging in cloud computing one must:
─ Be aware of EU legislation on data protection & ensure compliance:
─ Be aware that application may be “tricky”(international transfers).
• Hope for solutions:
─ WP 29 guidance─ Changes of the Directive? As part of a broader
attempt to solve other (wider) problems
![Page 16: Webinar Cloud Edps](https://reader036.fdocuments.us/reader036/viewer/2022082915/546cfbcaaf795971298b50f1/html5/thumbnails/16.jpg)
Eu
rop
ean
Data
Pro
tecti
on
Su
perv
isor
Cloud Computing Europe 2010, 1st March
Questions?