European Data Protection Digest

Article 29 Working Party Releases Cloud Opinion, Hawkes Releases Guidelines

CLOUD COMPUTING—EU & IRELAND

July 5, 2012

The Article 29 Working Party has released an opinion on cloud computing that outlines data protection risks, particularly “a lack of control over personal data” and the “unavailability of a common global data portability framework.” The opinion warns that “a lack of transparency in terms of the information a controller is able to provide to a data subject on how their personal data is processed is highlighted…as a matter of serious concern.” For the group, “A key conclusion…is that businesses and administrations wishing to use cloud computing should conduct, as a first step, a comprehensive and thorough risk analysis” and a cloud client “should select a cloud provider that guarantees compliance with EU data protection legislation.” Meanwhile, Ireland’s data protection commissioner has released cloud guidelines, and a UK ICO spokesman said its guidance is in development and will be published in the next few weeks. Editor's note: Tools and templates for conducting risk assessments are available on the IAPP Resource Center
Full Story