Creative Industries

  • Can personal data be kept safe in the clouds? (Photo: Jonathas Rodrigues)

Focus

Firms must protect cloud data, EU watchdog says

06.07.12 @ 18:37

  1. By Benjamin Fox
  2. Benjamin email

BRUSSELS - Companies using cloud computing services must "guarantee" compliance with EU data rules, according to the Article 29 Working group, the EU's leading data protection watchdog.

In a 27-page legal opinion released this week (3rd July) on the safeguards businesses would be required put in place to protect private data, the Working Group stated that firms should be required to spell out data privacy policies in all contracts with individuals using cloud services.

Under this model, individuals putting data in a cloud would have guarantees about access and use of their data, the terms and time frame for data retention, and clear rules on the deletion of personal data.

The Working Group, which is composed of national data protection supervisors alongside the European Commission and European data protection chief, Peter Hustinx, said that all firms offering cloud services should provide "security, transparency and legal certainty" for cloud clients.

Although the demands of Article 29 are not legally binding, national data supervisors and commission officials are expected to turn them into law.

They added that organisations wanting to use cloud computing services should first conduct "a comprehensive and thorough risk analysis."

The opinion comes with digital agenda commissioner Neelie Kroes set to expand on legislative plans for a European Cloud Strategy in the coming weeks before the summer recess.

Cloud computing, where services use the processing speed and memory space of the Internet, has emerged as a cheap and fast way of storing huge amounts of data.

Research published in June by IT research firm Visiongain put the global cloud market at $37.9 billion for 2012. Meanwhile, the personal data already held in clouds is already estimated at €75 billion and expected to increase further.

Software giant Microsoft reacted to the report, with Brad Smith, vice-president of Microsoft, on Friday (6 July) praising what he described as Article 29's "leadership" on the issue.

Microsoft claims that its Office 365 programme has the highest level of data privacy and security in cloud services.

Supporters of cloud services claim that it offers numerous ways to store huge amounts of data cheaply for businesses and public authorities.

However, there are widespread concerns that the mobility and lack of control of cloud data makes it impossible to police data processing and movement according to geographical or legal boundaries.

Regulating the use of cloud computing data forms part of the EU's revamped data protection laws initiated by Justice Commissioner Viviane Reding in January and which are now being debated by MEPs and government ministers.