Following a meeting in Sopot, Poland, on April 24, 2012, the International Working Group on Data Protection in Telecommunications (the “Working Group”), led by the Berlin Commissioner for Data Protection and Freedom of Information, issued a Working Paper that focuses on privacy and data protection issues related to the use of cloud computing in the international context. The Working Paper aims to reduce uncertainty regarding the definition of cloud computing and how the technology intersects with privacy, data protection and other legal issues.
The Working Paper sets forth recommendations for best practices and guidance intended to help reduce risks associated with the use of cloud computing services, and to promote accountability and proper governance. The recommendations focus on how to avoid lowering data protection standards when implementing cloud computing solutions, so that businesses can benefit from the possibilities cloud computing has to offer without compromising adequate protection for individual rights. In addition to outlining best practices, the recommendations address accountability, technical safeguards, cloud service agreements and the physical locations where cloud data may be stored or processed. The memorandum also discusses the necessity of impact and risk assessments, as well as legal obligations towards data subjects and data protection authorities in the event of a data breach.
The Working Paper concludes by providing useful background information, including a thorough description of cloud computing and a succinct analysis of the economic drivers behind cloud computing.