Are ‘Clouds’ Located Outside the European Union Unlawful? (by Marie-Andrée Weiss & Cédric Laurant)

more+
less-

A central aspect of every cloud service contract is the security of data processing. It is therefore important, if only for liability reasons, that responsibility for specific security measures be clearly assigned. This can be done by using security service level agreements between the cloud service provider and its client that clearly assign who is responsible for which particular security measure.

Storing data in a cloud located outside the EU raises specific legal compliance issues. According to some experts, such clouds are even unlawful. There are, however, some ways to make sure that, even if a data controller stores data into a cloud located in a third country, he is still in compliance with German data protection law. A data exporter must use, in order to satisfy the adequate level of data protection requirement, specific standard contractual clauses for all contracts with a cloud service company located outside the EU. Binding corporate rules are the alternative solution, though only for private clouds.

LOADING PDF: If there are any problems, click here to download the file.

Published In: Business Torts Updates, Consumer Protection Updates, Privacy Updates, Science, Computers & Technology Updates

DISCLAIMER: Because of the generality of this update, the information provided herein may not be applicable in all situations and should not be acted upon without specific legal advice based on particular situations.

© Cedric Laurant | Attorney Advertising

Don't miss a thing! Build a custom news brief:

Read fresh new writing on compliance, cybersecurity, Dodd-Frank, whistleblowers, social media, hiring & firing, patent reform, the NLRB, Obamacare, the SEC…

…or whatever matters the most to you. Follow authors, firms, and topics on JD Supra.

Create your news brief now - it's free and easy »