Introduction
Cloud Computing has revolutionised the way
in which data is been processed, transacted upon, stored and accessed, all of
which can happen in a very big, fast, robust and dynamic way within and across
jurisdictions.
The EU, UK and the United States have their
own customary data protection law each acting alien to each other at some
stage.
While the UK has a specific data protection
laws that task cloud data owners to protect their law the EU Data protection act
attempts to establish both the term “Controller” and “Processor” where the
first could be likened to be Google as a
search giant, while the later Google as a Cloud Service provider. Now the issue
is that depending on the incident companies can choose to identify themselves
as controllers or processors just as it fits them best, hence, Stricter data
protection rules.
Main Player's role in Data protection
Years ago, after which the USA has seen a
rapid increase in Cloud Computing investment and development, the French government
invested a huge amount of money for France’s Cloud computing development
in-house and called on the EU to do likewise so as not to be held hostage to US
companies who has saturated the Cloud computing. Market Adoption of cloud
computing has increased first from the US over the years and likewise recently in Europe
as some years ago saw reasons to invest, albeit, late and this presents its challenges.
Complication of Data Protection rules
One incident that sparked even further
review and intensification of the EU data law was, when a in Spain, a user
found on the web, content about him and a case that has been resolved years
ago, He filed to the Spanish authority to rake down the content, but as Google
attempted to pull away the Spanish authority referred to the EU Justice and her
data protection law, to verify if Google can be pinned down to erase such data.
This incident saw the rise of another new law last year themed “Right to be forgotten”.
As much as this is good, the law in a broader scope will add much more
complexity to European adoption of CC, though the law is subject to;
·
Burden of proof:
·
Individual case by case review:-Every
case will be judged on its own individual merit, meaning request
·
Delivering notice to 3rd partied about content that has to
be erased.
It will still have to face many huddles
when it involves Data stored across servers outside the EU.
One of the content of the EU Data
protection rules includes a 24hour security breach notification that must be
sent to the client. The call for alarm here is that in most cases, you usually
do not know if you have been compromised or not.
Applicability of the EU Data Protection Act
Before I go on to explain let me place some
background info. There is a US law called Foreign Corrupt Practice Act (FCPA),
this act binds any US company carrying out business beyond the borders of USA
to the USA’s corruption charges. Canada has charged her companies not to store
and CC data on US cloud as it will be vulnerable to USA Patriot Act.
Now similarly, the EU has arranged their
law to act such (FCPA concept) that it will be applicable all over EU in
oneness. This means that both EU’s Right to be forgotten, Right to Data
portability, and the key points of the act will be applicable to an EU company
involved with a Data stored in a Non-EU state. The USA has a similar concept
but more liberal.
While the in its own context, is still very
difficult to implement EU-wide, another huge case arises when it involves an EU
company’s data stored in another state e.g the US and vice versa like the case
below:
- Last year 2014, the USA issued a search warrant to Microsoft (MS) to retrieve data of an email of an individual stored in an MS Data centre in Ireland. Though there is an EU-US Safe Haven agreement, MS refused to allow the US access the documents, after much late last year the Irish Government stepped up to issue an Amicus Brief against the USA. The Bone of contention here is;
- US needs to facilitate an investigation,
- MicrosoftS needs to protect her client’s data to gain respect,
- Irish Government sees the USA as stepping out of their boundary.
- There is a standoff between microsoft, Ireland and the US.
The good news is that many of other Tech companies are rallying behind Microsoft (see briefs here), the main issue still remains, Every now and then Gartner publishes her quadrants, hype cycles and many statistics spelling rapid progress of Technology. eg. from the time taken for the EU's Justice department to deal with issue that alerted "Right To be Forgotten" to be dealth with, over 4 years, new technologies have arrived and some have caused major disruption. So if it takes over 4 years to deal with an issue cause by data protection, it can take a multiple of that to deal with another technology that may spawn up soon, thanks goodness Drone laws are been put into effect.
The current rift between Microsft and the US' Government in respect to data protection will not be easily solved even when it is solved, the possibilities of such occuring again is high, as the EU is pursuing a different scope of Data protection so the US and the UK is not to mention other big players like China, Russia. Shold data protection laws be singularised or treated differently as it may soon be proven data and information may have no citizenship on its own
0 comments:
Please leave your comment as it will help us improve