Is it legal or illegal to use American cloud services in Europe?
Patricia Ayodeji's presentation about the controversy between the USA and Europe regarding cloud business.
1. Cloud
Is it legal or illegal to use American
cloud services in Europe?
PATRICIA AYODEJI
Dual qualified Lawyer, England & Spain
Member of The Law Society, London &
Ilustre Colegio de la Abogacía, Barcelona
Founding Lawyer E-PDP
payodeji@icab.cat
24th February 2016
www.e-pdp.es
3. 2016 E-PDP PROTECCIÓN DE DATOS PERSONALES
CLOUD DOES NOT…
Remove our responsibility for data protection,
data security, data integrity, data confidentiality
and business continuity.
We cannot entrust or delegate these to the
cloud provider. Contractual clause invalid!
5. What you should know......
Not on a par......
Data is governed by a patchwork of state and federal laws, with new reforms added all the
time. Europe has a more harmonised regime – and there are big changes planned!
Privacy Act 1974
Guarantees three primary rights which federal agencies must abide by:
• The right to see records about oneself, subject to Privacy Act exemptions;
• The right to request the amendment of records that are not accurate, relevant, timely or complete; and
• The right of individuals to be protected against unwarranted invasion of their privacy resulting from the collection, maintenance, use, and disclosure of personal information.
Only applies to U.S CITIZENS OR non-U.S citizens who are permanent residents.
Judicial Redress Act 2015
Gives citizens from approved EU countries (“U.S.-allied countries”) the right to sue federal
agencies that mishandle their personal data in a similar way to rights Americans enjoy under
the Privacy Act. Americans already enjoy similar rights in Europe. The right to redress is
subject to the same restrictions U.S. citizens face under the Privacy Act, including broad
exemptions for national security.
7. Charter of Fundamental Rights of the European Union
Title II Freedoms
Article 8 Protection of Personal Data
1. Everyone has the right to the protection of personal data concerning
him or her.
2. Such data must be processed fairly and on the basis of the consent of the
person concerned or some other legitimate reason laid down by the law.
Everyone has the right of access to data which has been collected
concerning him or her, and the right to have it rectified.
3. Compliance with these rules shall be subject to control by an
independent authority.
9. Data Protection
Directive 95/46/EC -> L.OPD 15/1999
PROTECTS PERSONAL DATA OF EU CITIZENS AS USERS OF CLOUD
& WHEN IN CUSTODY OF A CLIENT OF CLOUD SERVICES.
In process of reform! New EU Data Protection Regulation.
Expected to be formally agreed shortly and in place in 2018. ONE SINGLE LAW (which will enter into force after a transition period of 2 years). Higher fines: up to 4% of turnover when companies have violated the privacy of a European.
Extended territory includes all non-EU companies with
no establishment in EU who offer goods/services
(including free of charge) to EU citizens.
Ireland will cease to be a soft option for U.S
companies.
10. Some Data Protection questions
• Do they share data with third-party subcontractors? Do you know who they are and what services are outsourced? Where are their servers located?
WhatsApp, Gmail… involve the processing of data via undetermined servers and companies throughout the world.
• Are you sure data is not used for other purposes?
• In case of a breach, do they have the appropriate insurance?
If our cloud provider does not provide us with certain guarantees, all responsibility for the data lies with us!
12. US Safe Harbour Scheme
Turning point in international transfers to
the US....The strike down of Safe Harbour!
6 October 2015, EU Court of Justice: Schrems vs. Facebook Judgment C-362/14 (Facebook: mass-surveillance programs by the NSA. Snowden’s NSA leaks demonstrated that European data stored by US companies was not safe from the type of surveillance which would be considered illegal in Europe). The judgment proclaims that the 15-year-old Safe Harbour, the legal framework that American companies have used to handle European citizens’ data, does not provide an adequate level of protection and does not provide guarantees equivalent to those established in the European Union.
Judgment invalidated the legal basis for US-EU Safe Harbour.
If your company is relying on Safe Harbour, it is in an illegal situation and may face enforcement proceedings depending on the DPAs in question!!
13. AGPD: Spanish Data Protection Authority’s response to
EU Court of Justice Schrems Judgment, Madrid, 29th October
2015
In exercise of its powers, the AEPD (Spanish Data Protection Authority) required that, at the
earliest and in any case before 29 January 2016, all transfers of data from Spain to
the U.S. be notified or modified in the General Data Protection Registry and, if necessary,
include details of their compliance with data protection legislation.
If this is not done within this period, the Authority may initiate proceedings, if necessary,
to temporarily suspend such international transfers.
https://www.agpd.es/portalwebAGPD/canalresponsable/transferencias_internacionales/common/Comunicacion_responsables_-_Puerto_Seguro.pdf
14. The US Government’s response to Schrems
U.S. Secretary of Commerce Penny Pritzker
“…..We are deeply disappointed in today’s decision from the
European Court of Justice, which creates significant uncertainty for
both U.S. and EU companies and consumers, and puts at risk the
thriving transatlantic digital economy. Among other things, the
decision does not credit the benefits to privacy and growth that
have been afforded by this Framework over the last 15 years….”
15. How do we use American cloud services in Europe without
running afoul of EU data protection law! Alternative
compliant data transfer mechanisms .....
Data localisation: actual whereabouts of data
Choose a Spanish/EU provider, e.g. migrate from Georgia-based Mailchimp (privacy
policy: discloses personal information to comply with court orders and subpoenas) to
Madrid-based Mailrelay (data centres in the EU). A basic but effective means to influence
jurisdiction. Option for large organisations.
EU model contractual clauses
For transfers to countries or territories that do not ensure an adequate level of
protection (which now includes the USA). In Spanish & English!
Binding Corporate Rules (BCRs)
A set of legally enforceable internal rules (such as a Code of Conduct) regarding
data privacy and security, to ensure that transfers of personal data outside of the EU
take place in accordance with EU rules. A valid solution. Greater flexibility.
THESE OPTIONS REMAIN FORMALLY EFFECTIVE & LEGAL
16. #FLISH FLASH Successor to Safe Harbour:
EU-US Privacy Shield
2nd February 2016
http://ec.europa.eu/avservices/video/player.cfm?ref=I115848&sitelang=en
EU Commission & US Dept. of Commerce
• New living framework for transatlantic data flows with a continuous process of monitoring
by the EU Commission & an annual review which will look at all aspects of the agreement.
• Multiple channels for EU citizens to report any “misuse” of their personal data.
Companies will have deadlines in which to respond to complaints.
• EU citizens will benefit from legal redress for privacy violations.
• Severe restrictions on indiscriminate mass surveillance of European citizens by U.S
17. EU-US Privacy Shield
The situation has not
changed since Schrems
WP29 (body of representatives of individual European Member States’ DPAs): EU-US
data transfers won’t be blocked while Privacy Shield details are hammered out!
Is the arrangement robust enough? It is not in fact certain that it will pass the scrutiny of the
WP29 (quality, content, legal consequences) or the ECJ (the ultimate authority on
enforceability of the new pact).
Plenty of questions remain & a deal is not really done yet!
Uncertainty likely to prevail for some time!
18. Security
Employees remain the weakest link within an organisation!
What security measures does the provider have in place, and does it offer levels
of security equivalent to local access?
Preventative measures against viruses, hackers, spies?
Do they keep security copies?
ISO certification?
ISO/IEC 27018 (Aug. 2014): code of practice to ensure cloud service providers
offer suitable information security controls to protect PII processed in public cloud.
ISO/IEC 27017: cloud-specific information security controls & advice for cloud
service customers and providers. Published end of 2015. Agreement with
information security roles & responsibilities of both parties.
21. Data integrity
• Measures taken by the provider to mitigate risks
of data being involuntarily compromised?
• Who can access data? What can they do with it?
• What happens when you want to change cloud
provider? Will critical data be inaccessible? For
how long?
22. Continuity: Portability & Interoperability
Ability to retrieve and shift data & services between
different cloud systems.
Portability is a new right under the new Regulation,
designed especially for cloud services, i.e. the ability to get
structured, legible information in a format compatible
with other systems!