Recent Posts

Post another title here

by Jake Wilson

Post another title here

by Joe Cool

Post another title here

by Jake Wilson

Welcome

Lorem ipsum dolor sit amet, consectetur adipiscing elit. Nam pulvinar orci id neque tristique euismod. Integer tincidunt varius orci, pretium consequat dui suscipit eu. Vestibulum vehicula, ligula eu tincidunt facilisis, enim metus accumsan massa, sed tempus sapien ante eu magna. Suspendisse id nunc non nunc sagittis feugiat. 

Read more

Recent Forum Topics

This front page section will display the latest half dozen forum posts to encourage click-through to the Community Forum.

Latest Video / Whitepaper, etc.

This front page section could display a video tutorial or an interview with a project leader. Visitors are encouraged to visit the Resources section for more learning materials and reference links.

Recent Polls

This section would display a current poll and a list of past polls.

« Response to the EC’s White Paper on Modernising ICT Standardisation in the EU - The Way Forward | Main | Trends in Connectivity Report »
Monday
Aug102009

Interoperability and Data Transfer Forum

DateAugust 10, 2009

Cloud computing raises many issues when data processing moves from within an enterprise or on-premises to off-premises across borders. The issue is the effect of obligations under the Data Protection Directive (the "Directive").

Companies using third parties to process personal data must comply with the Directive. The Directive bans the transfer of personal data to any country outside the EEA except where that third country ensures an "adequate" level of protection. The European Commission approved standard contractual clauses in 2001. Whilst these standard clauses provide the necessary safeguards required by the Directive, they are regarded as being inflexible.
  
In March 2009, the Article 29 Working Party issued an opinion on an alternative set of controller-to-processor clauses based on a proposal by the Commission to change the rules to make the clauses more attractive to businesses. The Working Party accepts the concept of a multi-layered sub-processing clause on condition that the appropriate safeguards are laid down to protect individuals. This reflects the approach already taken by the UK Information Commissioner.
 
The Commission is in discussion with business groups on the new clauses and certain issues referred to in the opinion are still unresolved. However, it seems to be agreed that, in addition to allowing for processor-to-processor transfers, the new clauses are likely to permit multiple transfers and that multiple entities may also be parties (allowing a single data exporter to act on behalf of other exporters). In addition, it is likely that the new clauses will allow for the security measures to be described in more general terms than at present and there will be no arbitration clause.
 
The main drawback is that the clauses will only cover transfers to a data processor outside the EEA and not transfers from a data processor in the EEA to a sub-processor outside the EEA. The opinion recognises that this may lead to inequalities in the market. 

Click here for the Article 29 Working Group Opinion.
Click here for the UK Information Commissioner’s Approach.

| Print ArticlePrint Article | | CommentPost a Comment
in ,

Reader Comments

There are no comments for this journal entry. To create a new comment, use the form below.

PostPost a New Comment

Enter your information below to add a new comment.

My response is on my own website »
Author Email (optional):
Author URL (optional):
Post:
 
All HTML will be escaped. Hyperlinks will be created for URLs automatically.

Notify me of follow-up comments via email.