Thanks to the IIEA for the heads up on a recent event there on 28 July 2010, Peter Fleischer and Billy Hawkes on Regulating for the Cloud: Updating the EU Data Protection Framework for Cloud Computing, with speeches by Google's Global Privacy Counsel Peter Fleischer and the Irish Data Protection Commissioner. See videos below.
The Fleischer speech covered:
- what's cloud computing - architecture, services, platform, computing model
- how can privacy stay protected in the cloud - potential benefits of cloud computing e.g. allowing online subject access requests and some control via Dashboard-style management tools
- problems (and some suggested possible solutions) on -
- what law applies & overlapping privacy regimes
- governments getting data from cloud providers, and Google's publication of government requests for personal data
- data protection / privacy requirements being based on location of data
- the EU controller-processor model doesn't fit cloud computing and there are issues with the standardised contract terms e.g. -
- "forcing people to take responsibility for auditing and doing that for hundreds and thousands of cloud users all of whom are supposed to "audit" Amazon, I don't even know what that means, I get questions about, does that mean they are supposed to visit a data centre??"
He thinks the ultimate solution is obvious, that doesn't mean it isn't hard -
"We need to come up with global privacy standards in this space, else we'll spend forever debating jurisdiction, applicable law, contorting ourselves in attempts to comply with these divergences as best or as poorly as can be done".
I see Peter Fleischer has also briefly pointed to these speeches.
©WH. This work is licensed under a Creative Commons Attribution Non-Commercial Share-Alike England 2.0 Licence. Please attribute to WH, Tech and Law, and link to the original blog post page. Moral rights asserted.