Friday, 30 April 2010

EU - cloud computing - data protection, security

EU cybersecurity agency ENISA's recent report on research priorities includes cloud computing, and the EDPS has also made a speech on privacy and cloud computing.

1. ENISA - technology research priorities

ENISA's Priorities for Research on Current & Emerging Network Technologies (PROCENT) study paper (full paper, PDF) has highlighted five areas which they consider are most in need of research in the next 3 to 5 years, as having an impact on the important area of resilience of networks. These areas are -

  1. cloud computing - the paper includes discussion of its impacts on data protection, both benefits and risks, as well as possible directions for future research
  2. real-time detection and diagnosis systems
  3. future wireless networks
  4. sensor networks, and
  5. supply chain integrity.

2. EDPS - data protection & cloud computing

European Data Protection Supervisor Peter Hustinx made a speech "Data Protection and Cloud Computing under EU law", for the Third European Cyber Security Awareness Day, 13 April 2010.

The main challenges he sees in relation to applying the data protection legal framework to cloud computing are -

  1. what role cloud computing providers play - controller or processor
  2. determining whether EU law applies
  3. international data transfers
  4. ensuring more effective data protection - accountability, PbD
  5. processing data for purely personal purposes i.e. cloud computing services provided to end users who use them for purely personal purposes.

Areas of law which he thinks may need amendment, in relation to the proposed updating of the Data Protection Directive, are -

- Applicable law, including a new criterion such as targeting.

- International data transfers, including streamlining the use of BCR and possibly extending the responsibility of controllers.

- Accountability and 'privacy by design', and if necessary even with some ‘privacy by default’.

- The need to impose 'processor' obligations where services are provided to individuals acting in a purely personal capacity.

©WH. This work is licensed under a Creative Commons Attribution Non-Commercial Share-Alike England 2.0 Licence. Please attribute to WH, Tech and Law, and link to the original blog post page. Moral rights asserted.