The Article 29 Working Party has released an opinion on cloud computing that outlines data protection risks, particularly "a lack of control over personal data" and the "unavailability of a common global data portability framework." The opinion warns that "a lack of transparency in terms of the information a controller is able to provide to a data subject on how their personal data is processed is highlighted...as a matter of serious concern." For the group, "A key conclusion...is that businesses and administrations wishing to use cloud computing should conduct, as a first step, a comprehensive and thorough risk analysis" and a cloud client "should select a cloud provider that guarantees compliance with EU data protection legislation." Editor's note: Tools and templates for conducting risk assessments are available on the IAPP Resource Center.
If you want to comment on this post, you need to login.