SEE: GDPR: Fines increased by 40% last year, and they're about to get a lot bigger The majority of the European cloud market, in effect, is controlled by non-European hyperscalers, with recent research showing that more than half of decision makers on the continent use AWS, Microsoft Azure, IBM Cloud and Google Cloud. The EU is increasingly keen to re-assert the bloc's "digital sovereignty", especially when it comes to data infrastructure and cloud services. If they don't comply to the rules, then your privacy will never be protected," Subhajit Basu, associate professor of information technology law at the University of Leeds, told ZDNet.īut there is also a political dimension to the new investigations, according to Basu. There are many social and economic issues that come with relying on only a handful of corporations for your critical infrastructure. "It's not just about law – it's also about ethics. Wiewiórowski recognized that both companies have made amends, but nevertheless said that the announced measures might not be sufficient to ensure full compliance with EU data protection law, and still require a proper investigation. Microsoft has even gone one step further by pledging to enable EU customers to store and process most of their data within the EU by the end of 2022, meaning that personal data wouldn't even need to be sent to the US anymore. When required by law, Amazon also committed to disclose the minimum amount necessary of information, while Microsoft said that it would provide monetary compensation to the customers affected. Both Microsoft and Amazon have promised to contest government requests for access to customer data when they are able to. What's more: since the Schrems II ruling, cloud providers have come forward to announce changes to their policy to better comply with GDPR restrictions. Microsoft Azure and Google Cloud, among others, have already declared adherence to the code of conduct. Recently, the European Data Protection Board validated the use of a new "EU Cloud Code of Conduct", which acts as a standard certifying that a given cloud service provider is GDPR-compliant. The privacy threats posed by the reliance on foreign ICT providers' cloud services have long been flagged by the EDPS: as early as 2018, the privacy watchdog published guidelines for EU institutions that highlighted EUIs' responsibility in ensuring the protection of personal data in cloud infrastructure. In the ruling, the EU Court of Justice concluded that national laws in the US did not match the stringent data protection requirements established by the bloc's General Data Protection Regulation (GDPR), meaning that without additional safeguards, the personal data of EU citizens cannot be safely processed across the Atlantic.įor example, under the Clarifying Lawful Overseas Use of Data Act (CLOUD), US authorities are allowed to require national storage providers to give them access to information held on their servers, even if that data is located overseas. SEE: IT Data Center Green Energy Policy (TechRepublic Premium) The EDPS announced the launch of both inquiries in relation to the Schrems II ruling that occurred last summer and which introduced new obstacles to the transfer of personal data between the US – where Amazon and Microsoft are based – and the EU. What is cloud computing? Here's everything you need to know The top 6 cheap web hosting services: Find an affordable option The best cloud providers compared: AWS, Azure, Google Cloud, and more What is digital transformation? Everything you need to know
0 Comments
Leave a Reply. |
AuthorWrite something about yourself. No need to be fancy, just an overview. ArchivesCategories |