When the US CLOUD Act meets the GDPR

(Feb 12, 2019) Given its relatively recent enactment date, the U.S. Clarifying Lawful Overseas Use of Data Act’s compatibility with the EU General Data Protection Act is still an open question. With regard to data transfer to third countries for which such transfer is subject to the GDPR, Articles 44 to 50 of the GDPR apply. In particular, Article 48 of the GDPR comes into play when EU data is being requested by a U.S. law enforcement agency. In this article for The Privacy Advisor, Walter Delacruz, CIPP/E, CI... Read More

How to comply with both the GDPR and the CLOUD Act

(Jan 29, 2019) On March 23, 2018, U.S. Congress enacted the Clarifying Lawful Overseas Use of Data Act, which had the immediate effect of mooting the ongoing U.S. v. Microsoft litigation, where a central issue of the case was whether a web-based or cloud-based telecommunications or data service provider, subject to U.S. jurisdiction, could avoid being required to provide stored electronic communications for which a search-and-seizure warrant had been served, when such stored electronic communications were stor... Read More

El INAI emite manual con criterios para contratos de cómputo en la nube

(Dec 19, 2018) El Instituto Nacional de Transparencia, Acceso a la Información y Protección de Datos Personales (INAI, por sus siglas) emitió un manual denominado Criterios mínimos sugeridos para la contratación de servicios de cómputo en la nube que impliquen el tratamiento de Datos Personales. Este documento contiene una serie de recomendaciones para aquellas personas físicas y morales que pretendan contratar servicios de cómputo en la nube -particularmente cuando dichos servicios impliquen un tratamiento de... Read More

Government-owned company now stores Apple iCloud data in China

(Nov 29, 2018) Mashable reports that government-owned China Telecom took over the iCloud data from Guizhou-Cloud Big Data, meaning Apple iCloud data in China is now stored by a state-owned company. Apple had previously announced its first data center in China, in partnership with Guizhou-Cloud Big Data, to help the company comply with a government policy requiring foreign service providers to store data on Chinese citizens in the country. China Telecom’s takeover of the iCloud data has been met with concern ov... Read More

Report found Indian bank routinely shared customer data

(Nov 1, 2018) According to a bank document related to the Reserve Bank of India’s risk observation, Microsoft routinely shared customers’ financial information with U.S. intelligence agencies, Zee Business reports. The document, seen by DNA Money, found that this impacted banks that had migrated to Microsoft Office 365 cloud-based email service. While the article states banks were “fully aware” information was shared in this manner, customers may have not been informed. According to the RBI observation, Micro... Read More

McAfee report finds increase in sensitive data on the cloud

(Oct 31, 2018) Cybersecurity company McAfee released its Cloud Adoption & Risk Report, which analyzed anonymized cloud use to report on the current state of cloud developments and uncover risks, according to a news release. The report discovered nearly 25 percent of cloud data could be considered sensitive and, on average, an organization will experience more than 2,200 misconfiguration incidents per month. McAfee Cloud Security Business Senior Vice President Rajiv Gupta said, “Accidental sharing, collabor... Read More

IBM to acquire Red Hat in $34B cash deal

(Oct 30, 2018) In one of the biggest U.S. tech acquisitions, IBM announced it is acquiring open-source software company Red Hat in a $34 billion all-cash deal, ABC Action News reports. While the move still requires approval from shareholders and regulators, it is expected to finalize in the second half of 2019. IBM has said the move will allow the company to focus on helping businesses use multiple clouds at once. The company has plans to continue Red Hat’s existing partnerships, which includes Amazon, Microso... Read More

Announcing the new Cross-Border Data Forum

(Oct 16, 2018) With cloud computing, law enforcement investigations increasingly seek evidence that is held across borders, in a different country. As we describe in a separate IAPP post, this globalization of criminal evidence is prompting major legislative change and proposals. In 2018 alone, the United States passed the Clarifying Lawful Overseas Use of Data Act to address cross-border issues, and the European Union has proposed its new eEvidence regulation and directive.  To date, there has not been one f... Read More

Google explains deleting data on the cloud platform

(Sep 14, 2018) In a blog post for Google, Cloud Security and Privacy Product Manager Eric Chiang announced a new white paper explaining data deletion on the Google Cloud Platform. The white paper provides an overview of how customer data is stored and Google’s deletion pipeline and timeline and describes steps taken to prevent any data from being reconstructed. To provide ongoing transparency, "Data deletion on Google Cloud Platform" takes a step-by-step approach to deletion requests, data removal, logical del... Read More

India's draft cloud computing policy urges data localization

(Aug 6, 2018) Reuters reports on a draft cloud computing policy proposal that would require data generated in the country to be stored within its borders. As the government works to finalize an overarching data protection law, the policy would be the latest in a series aiming to support data localization in India. In addition to the recommendation of data localization, the draft states that the data “must be available for investigative agencies and national security agencies.” Headed by the co-founder of Indi... Read More