Announcing the new Cross-Border Data Forum

(Oct 16, 2018) With cloud computing, law enforcement investigations increasingly seek evidence that is held across borders, in a different country. As we describe in a separate IAPP post, this globalization of criminal evidence is prompting major legislative change and proposals. In 2018 alone, the United States passed the Clarifying Lawful Overseas Use of Data Act to address cross-border issues, and the European Union has proposed its new eEvidence regulation and directive.  To date, there has not been one f... Read More

Google explains deleting data on the cloud platform

(Sep 14, 2018) In a blog post for Google, Cloud Security and Privacy Product Manager Eric Chiang announced a new white paper explaining data deletion on the Google Cloud Platform. The white paper provides an overview of how customer data is stored and Google’s deletion pipeline and timeline and describes steps taken to prevent any data from being reconstructed. To provide ongoing transparency, "Data deletion on Google Cloud Platform" takes a step-by-step approach to deletion requests, data removal, logical del... Read More

India's draft cloud computing policy urges data localization

(Aug 6, 2018) Reuters reports on a draft cloud computing policy proposal that would require data generated in the country to be stored within its borders. As the government works to finalize an overarching data protection law, the policy would be the latest in a series aiming to support data localization in India. In addition to the recommendation of data localization, the draft states that the data “must be available for investigative agencies and national security agencies.” Headed by the co-founder of Indi... Read More

Confusion surrounds Dropbox sharing researchers' data

(Jul 25, 2018) ZDNet reports on the confusion stemming from Dropbox sharing information on academics with Northwestern University researchers. Dropbox had given the researchers data belonging to 400,000 users across 1,000 universities. The researchers first claimed Dropbox gave them raw data that was then anonymized, but the file-hosting service later released a statement claiming it had already anonymized the information before turning it over for the researchers’ project. Dropbox explained the way data was s... Read More

Google: Digital communication laws still need work despite progress

(Jul 24, 2018) Google Senior Privacy Policy Counsel David Lieber writes in a blog post about the U.S. government updating laws on accessing digital communications. Lieber writes Google is in favor of the Clarifying Lawful Overseas Use of Data Act and the ruling in the Carpenter v. United States case but adds more needs to be done to protect the data, such as passing the Email Privacy Act, and answers on the standards governments should meet before requesting sensitive information. “Policymakers shouldn’t wait ... Read More

Tech companies join forces to launch Data Transfer Project

(Jul 23, 2018) Google, Facebook, Twitter and Microsoft are joining forces to launch the Data Transfer Project. The open-source project will allow data subjects to transfer their information from one service to another safely by encrypting data at rest and in transit by using the service’s existing authorization mechanism. In a blog post announcing the joint venture, Microsoft Vice President for Corporate Standards Craig Shank writes the project will focus on making the data-portability tools easy to use while ... Read More

Timehop breach may be bigger than originally reported

(Jul 17, 2018) Social media app Timehop announced last week it was hit by a data breach, but, according to BankInfoSecurity, the breach may be bigger than the company previously suspected. In an effort to be fully transparent, the company has revealed new classes of data that were affected in the breach event, including individuals' genders, dates of birth, country codes and IP addresses. Meanwhile, New Zealand-based file storage company Mega has reportedly been breached. Text files containing more than 15,500... Read More

How the CLOUD Act will affect the way cloud providers serve their customers 

(Jul 13, 2018) The signing into law of the Clarifying Lawful Overseas Use of Data Act earlier this year has not gone unnoticed among the privacy or law enforcement communities. Its intention was to simplify the process for the U.S. government to gain access to potentially vital data in the interest of national security when held on foreign soil, without impinging on the privacy rights of the individual or the duties of the cloud service provider to protect those rights. But what does this mean? And why was i... Read More

What the CLOUD Act means for cloud providers

(Jul 13, 2018) The passage earlier this year in the U.S. of the Clarifying Lawful Overseas Use of Data Act has not gone unnoticed by many in the privacy and law enforcement communities. Though the stakeholders who crafted the law intended it to simplify the process for the U.S. government to access data stored overseas while aiming to protect the privacy of individuals, the law poses as a major issue for cloud service providers. In this post for Privacy Perspectives, Calligo Founder and Chief Executive Officer... Read More

Startup raises $45M for 'privacy-first' blockchain cloud service

(Jul 10, 2018) A startup has raised $45 million in its effort to create a “privacy-first” cloud-computing platform incorporating blockchain technology, VentureBeat reports. Oasis Labs’ solution seeks to eliminate privacy limitations affecting blockchain adoption by adding protections that have not been seen with the technology. The company hopes its work can result in services such as machine learning to take place on the blockchain. “The Oasis platform aims to give users control over their data, and at the sa... Read More