Recently, the European Parliament’s Committee on Civil Liberties, Justice and Home Affairs (“LIBE”) released a study titled Fighting cyber crime and protecting privacy in the cloud (the “Study”). The Study originally was prepared in October 2012 at the request of the LIBE Committee by the European Parliament’s Policy Department of Citizens’ Rights and Constitutional Affairs, with the help of the Centre for European Policy Studies and the Centre d’Etudes sur les Conflits.

The Study examines how national and international regulations aimed at fighting cybercrime may conflict with data protection efforts in the cloud context. In particular, it analyzes the relevant definitions under current data protection law, jurisdictional challenges, how responsibility is divided between data controllers and data processors, international data transfer rules and enforcement mechanisms. The Study’s recommendations include:

  • harmonizing the concepts of data controller, data processor and applicable jurisdiction at the EU level and holding the relevant entities accountable in practice;
  • revising the scope of the EU-U.S. Safe Harbor principles to apply to telecommunication common carriers providing cloud computing services and ensuring that current Safe Harbor certifications are reviewed;
  • analyzing U.S. laws that allow surveillance of non-U.S. residents in a cloud computing context, and if the EU Parliament considers it necessary, amending the proposed General Data Protection Regulation to require individual warning notices to data subjects so that they are informed about the implications of such laws; and
  • reviewing measures to be taken by EU enforcement agencies such as Europol to tackle cybercrime in cloud computing environments.