The Article 29 Working Party has released an opinion on cloud computing that outlines data protection risks, particularly “a lack of control over personal data” and the “unavailability of a common global data portability framework.” The opinion warns that “a lack of transparency in terms of the information a controller is able to provide to a data subject on how their personal data is processed is highlighted…as a matter of serious concern.” For the group, “A key conclusion…is that businesses and administrations wishing to use cloud computing should conduct, as a first step, a comprehensive and thorough risk analysis” and a cloud client “should select a cloud provider that guarantees compliance with EU data protection legislation.” Meanwhile, Ireland’s data protection commissioner has released cloud guidelines, and a UK ICO spokesman said its guidance is in development and will be published in the next few weeks. Editor's note: Tools and templates for conducting risk assessments are available on the IAPP Resource Center
Full Story 


If you want to comment on this post, you need to login