Categories
Articles

Where should I put my data?

After a couple of years when the question of data location had dropped a little down the priority list, two things have pushed it back up again. First, the Schrems II decision of the European Court, which cancelled the US-EU Privacy Shield and added some – but it’s not yet clear how onerous – new […]

Categories
Articles

Brexit and GDPR

Under current plans the UK will become – for data protection purposes – a “third country” when it leaves the EU. Although the UK Government has stated that the rules for transferring personal data from the UK to the EU will remain the same, any transfers from the EU to the UK will need to […]

Categories
Articles

Network and Information Security Directive – nearly done

[UPDATE: the Directive has now been published, with Member States required to transpose it into their national laws by 9 May 2018] The European Council has published the text of the Network and Information Security Directive recently agreed by its representatives and those of the European Parliament. This still needs to be “technically finalised” (in […]

Categories
Articles

GDPR – the final text?

The European Council of Ministers have now published a proposed text for the General Data Protection Regulation. This still needs to be edited by the Commission’s “lawyer-linguists” to check for inconsistencies, sort out the numbering of recitals and articles etc. But the working parties of both the Parliament and the Council have recommended that the […]

Categories
Articles

Safe Harbor: Advice Postponed

The Article 29 Working Party of European data protection supervisors had hoped to make a full statement on the EU/US Safe Harbor agreement at the end of January. However this has now been postponed, probably until mid-April. The European Court of Justice declared last October that the original Safe Harbor did not guarantee adequate protection […]

Categories
Articles

Data Protection Regulation – now there are three

After more than three years of discussion, all three components of the European law making process have now produced their proposed texts for a General Data Protection Regulation should look like. The Council of Ministers’ version published last week adds to the Commission’s 2012 original and the Parliament text (unofficial consolidated version) agreed last March. […]

Categories
Articles

Europe’s Data Protection Proposal

Last week the European Commission published their proposed new Data Protection legislation. This will now be discussed and probably amended by the European Parliament and Council of Ministers before it becomes law, a process that most commentators expect to take at least two years. There’s a lot in the proposal so this post will just […]

Categories
Articles

ENISA – working out cloud security requirements

ENISA’s new report proposing a “Security Framework for Governmental Clouds” may be more widely useful than its title and explicit scope suggest. Chapter 3 of the report suggests something pretty close to a project plan that any organisation could use to assess which applications and data are appropriate to move to a cloud service, what […]

Categories
Articles

Clouds and the draft Data Protection Regulation

At the moment both cloud computing providers and their business customers in Europe have to deal with at least twenty-eight different interpretations of Data Protection law. And there are nearly as many different national rules and formalities when using non-European cloud providers (the UK approach is described in the Information Commissioner’s Guide to Cloud Computing). […]

Categories
Articles

International transfers within cloud providers

The Article 29 Working Party have published an explanatory document on Binding Corporate Rules for Data Processors, to provide further detail on using the template they published last year. European data protection law requires that any export of personal data from the European Economic Area be covered by adequate measures to protect individuals whose data […]