Tuesday, July 17, 2012

Safe Harbor not safe enough for EU cloud data



http://ow.ly/ci0SZ

An article by Brian Proffitt posted on the itworld.com website.

This article discusses a recent recommendation from an independent European advisory committee, proposing some changes to the US/EU "Safe Harbor" data protection agreement. The advisory comments address issues that would impact the use of US based cloud computing providers.

The article states, "While this WP 196 recommendation from the Article 29 Working Party is not legally binding, the group carries enough weight in Europe's IT circles to heavily influence decisions on where and how cloud-based data is stored. The group is made up of members from the national data protection authorities from all 27 European Union Member States… essentially the "justice league" of data security in Europe, without the tights." A link to the recommendation is provided in the article.

The article further explains, "..."The Working Party considers that companies exporting data should not merely rely on the statement of the data importer claiming that he has a Safe Harbor certification. On the contrary, the company exporting data should obtain evidence that the Safe Harbor self-certifications exists and request evidence demonstrating that their principles are complied with."

If this recommendation from the Working Party is heeded, it could represent a significant barrier in the adoption of cloud computing in Europe and the US. Most cloud providers are based in the US, and if the Safe Harbor self-certifications aren't changed, a lot of EU companies are going to shy away hosting their data on such services.

This could be the start of a geographically-based cloud war, unless the Safe Harbor procedures are changed to something more to the EU's liking."

No comments:

Post a Comment