54.1 F
Sunday, January 17, 2021

Column: Cross-border Cloud Concerns

By Neil S. Ende

This is Part II of this article. Read Part I, on contract concerns and FCC enforcement of privacy regulations, by clicking here.

There are a few particular areas of legal concern relating to cloud services. For end users, concerns about the adequacy of the contracts with their cloud service providers; and for cloud service providers, concerns arising out of the increased emphasis by government agencies, such as the Federal Communications Commission, on enforcing security and privacy regulations, and concerns relating to the storage of data from the European Union.

Cross Border Privacy Issues

The Cloud has facilitated the transfer of data across borders, triggering additional regulatory requirements in addition to the ones providers face for domestic concerns.

For example, European Union Data Protection Directive 95/46/EC requires that the transfer to a third country of personal data that is undergoing processing or intended to undergo processing may only occur if the country to which such data is transferred “ensures an adequate level of protection” of such data, or if such transfer is allowed as a derogation.

Thus, a company transferring personal data from the EU for processing outside of the EU must not only comply with all applicable regulations in the country where the data will be processed, but also these requirements of the EU. While this Directive applies only to EU Member States, these Member States have implemented the Directive through their own local laws, creating regulatory obligations for not only EU-based companies, but any company that transfers EU personal data for processing outside of the EU.

The U.S. has facilitated the transfer of EU personal data to the US for processing by adopting the US-EU Safe Harbor Framework, which allows US organizations to join the safe harbor list by certifying, on an annual basis, that they comply with the Framework’s seven Safe Harbor Privacy Principles. These principles require, among things, that organizations: (1) notify individuals about the purposes for which they collect and use information about them; (2) give individuals the opportunity to opt out from disclosure of their personal information to a third party or for use for a purpose incompatible with the purpose for which it was originally collected; and (3) take reasonable precautions to protect such personal information from loss, misuse and unauthorized access, disclosure, alteration and destruction.

Increased enforcement practices are not limited to the FCC, it should also be noted. The FCC and the Federal Trade Commission, which is broadly empowered to enforce against unfair methods of competition and unfair or deceptive practices in or affecting commerce, meet monthly to discuss the strategies and actions they are taking.  As such, while the Cloud provides many increased efficiencies and benefits, due diligence by both end users and Cloud service providers must be taken to mitigate against the increased risk that information stored in the Cloud is may be disclosed and to ensure adequate legal protection in the event a disclosure does occur.

This is Part II of this article. Read Part I, on contract concerns and FCC enforcement of privacy regulations, by clicking here.

For more information, please give us a call at 202-895-1707.  For the latest telecom news and access to valuable original content, please follow Technology Law Group on twitter @TechLawGroup.


Please enter your comment!
Please enter your name here

Related Articles

RunSafe Security Announces Partnership with ReleaseTEAM

RunSafe Security has announced a partnership with ReleaseTEAM, a full-service DevOps consulting firm, servicing both public and commercial clients for over 20 years. With...

Atos to Acquire In Fidem

Atos has signed an agreement to acquire In Fidem, a Canada-based specialized cybersecurity consulting firm. Consistent with its targeted acquisition strategy, the operation will expand...

Soluno Launches MyAcademy to Accelerate Growth, Customer Satisfaction

Soluno, a UCaaS Service Provider in Europe has launched MyAcademy, which it says forms an essential part of the company’s overall strategy. MyAcademy, which will...

Mosaic NetworX, Cato Networks Sign MSP Agreement

Mosaic NetworX LLC, a global network aggregator, and Cato Networks, a Secure Access Service Edge (SASE) provider, announced a partnership where Mosaic NetworX will deliver...

MetroNet, Fayetteville to Partner on Fiber Optic Network

MetroNet and the City of Fayetteville, North Carolina, will bring 100 percent fiber optic internet, television and phone services to businesses and residents in the region, marking...