Personal data processed in cloud infrastructures: main legal aspects Avv. Enrico Pelino Attorney at Law at Bologna Bar, Italy Senior Associate at ICTlegalconsulting.

Slides:

Advertisements

Similar presentations

The data retention directive: data protection aspects Frank Robben General manager Crossroads Bank for Social Security Sint-Pieterssteenweg 375 B-1040.

Advertisements

Introduction to basic principles of Regulation (EC) 45/2001 Sophie Louveaux María Verónica Pérez Asinari.

The Gathering Cloud computing - Legal considerations David Goodbrand, Partner 28 February 2013 Aberdeen Edinburgh Glasgow.

The Data Protection (Jersey) Law 2005.

1 Global Real Estate Valuation Policy Update: the European Perspective The principle: the EU Treaty does not provide the European institutions with direct.

1 International Partner Program by EuroCloud Europe EuroCloud Star Audit Based on European Quality Values for a Worldwide Usage.

1 PRIVACY ISSUES IN THE U.S. – CANADA CROSS BORDER BUSINESS CONTEXT Presented by: Anneli LeGault ACC Greater New York Chapter Compliance Seminar May 19,

Auditor General’s Office One key audit focus area – Compliance with Laws and Regulations.

PROJECT Towards an Harmonised Approach for National Space Legislation in Europe Berlin, January 2004 NATIONAL SPACE LEGISLATION: THE BELGIAN.

THE CHOICES WE MAKE THAT MATTER – International Data Privacy/Protection JILL L. UREY, ASSISTANT GENERAL COUNSEL MID-ATLANTIC CIO FORUM NOVEMBER 20, 2014.

Data Protection Paul Veysey & Bethan Walsh. Introduction Data Protection is about protecting people by responsibly managing their data in ways they expect.

Attorney at the Bars of Paris and Brussels Database exploitation & Data protection Thibault Verbiest Amsterdam 1 April 2005

Draft EU Privacy Regulation Corporate Privacy Forum January 26, 2012.

CLOUD AND SECURITY: A LEGISLATOR'S PERSPECTIVE 6/7/2013.

The Data Protection Act 1998 The Eight Principles.

Meeting with the Romanian Motor Insurers’ Bureau Bucharest 19 th August 2004 Ulf Lemor.

Data Protection Compliance Professor Ian Walden Institute of Computer and Communications Law, Centre for Commercial Law Studies, Queen Mary, University.

IBT - Electronic Commerce Privacy Concerns Victor H. Bouganim WCL, American University.

International Investigations: Issues to Consider When Conducting or Defending Against an FCPA Investigation Outside the United States Presented by: Sandee.

INTERNATIONAL E-DISCOVERY: WHEN CULTURES COLLIDE Alvin F. Lindsay Hogan & Hartson LLP.

© A. Kur IP in Transition – Proposals for Amendment of TRIPS Annette Kur, MPI Munich.

European Union European Union EU built on treaties.

Breaking down exclusive deals – the Dutch way Pamela Young Ministry of the Interior and Kingdom Relations Public Sector Innovation and Information Policy.

Dino Tsibouris (614) Updates on Cloud, Contracting, Privacy, Security, and International Privacy Issues Mehmet Munur (614)

Presentation Title Data Protection The new EU Regulation Insert your logo here.

1 Agencia Española de Protección de Datos The Use of Contracts and BCRs to Transfer Personal Data The European Union – United States Safe Harbor framework:

1 TAIEX JHA Workshop on data protection and cloud computing Data transfers to third countries and standard contractual clauses Skopje, 29 May 2014.

Information Security TechLink Seminar, 17 April 2013 James Knapton, Information Compliance Officer, Registrary’s Office.

The EU General Data Protection Regulation Frank Rankin.

A solid privacy and security approach Alf Moens, Corporate Security Officer SURF Evelijn Jeunink, Legal adviser, Corporate Privacy Officer SURF.

Data Protection and Privacy. nTechnology and personal data – Immense power to process and store data nInformation economy – Driver of economic value:

Presented by Ms. Teki Akuetteh LLM (IT and Telecom Law) 16/07/2013Data Protection Act, 2012: A call for Action1.

The EU Data Protection Directive revised: New challenges and perspectives Maria Giannakaki Attorney at Law – D.E.A. 4 th International Conference on Information.

Clark Holt Limited (Co. No ), Hardwick House, Prospect Place, Swindon, SN1 3LJ Authorised and regulated by the Solicitors Regulation.

TRANSBORDER DATA FLOWS INA MEIRING. THE PROTECTION OF PERSONAL INFORMATION ACT (“POPI”) > 'personal information' means information relating to an identifiable,

Zápatí prezentace Notion and system of European Labour Law.

Data Protection Laws in the European Union John Armstrong CMS Cameron McKenna.

Version 3 (2. February 2012) European Citizens´Initiative (TEU: Art. 11, Para 4; TFEU: Art. 24, Para 1) Title of the proposed ECI Unconditional Basic Income.

GDPR 12 POINTS 679/2016 DATA LEX 2016.

Contracts – the small print

Data Protection Officer’s Overview of the GDPR

General Data Protection Regulations: The Key Changes

Industry 4.0 – New ways of cooperative working – are we prepared?

Making the Connection ISO Master Class An Overview.

Trevor Ellis Trainee Programmer (1981 – 28 years ago)

Notion and system of European Labour Law

THE NEW GENERAL DATA PROTECTION REGULATION: A EUROPEAN OR A GLOBAL STANDARD? Bart van der Sloot Senior Researcher Tilburg Institute for Law, Technology,

Data protection headaches: GDPR, brexit AND perimeter risk

Operationele blik op GDPR

GDPR – Legal Aspects Desislava Krusteva, Attorney-at-Law, CIPP/E

General Data Protection Regulation

International Regulatory Trends

Information Governance and Data Privacy: A World of Risk

GDPR Overview GDPR - General Data Protection Regulations

Bob Siegel President Privacy Ref, Inc.

Introduction to GDPR 09/11/2018.

The General Data Protection Regulation (GDPR)

G.D.P.R General Data Protection Regulations

General Data Protection Regulation

Data Protection What’s new about The General Data Protection Regulation (GDPR) May 2018? Call Kerry on Or .

EUROPEAN UNION LAW

Data transfers to non-EU countries under the new GDPR

Today is a special day ... It is the 10 year anniversary of ...

Is Data Protection a Fundamental Right Protecting the Individual?

The European Anti-Corruption Report

Presentation privacy law

Data Protection: The new EU Regulation

Session 4: Data Mapping and Data Subject Rights

Session 4: Data Mapping and Data Subject Rights

Presentation transcript:

Personal data processed in cloud infrastructures: main legal aspects Avv. Enrico Pelino Attorney at Law at Bologna Bar, Italy Senior Associate at ICTlegalconsulting EPA fellow

Personal data processed in cloud infrastructures main legal aspects Cloud computing raises significant issues in several legal areas data protection and data security competition-related issues freedom of expression intellectual property protection...

Personal data processed in cloud infrastructures main legal aspects What are personal data and why are they significant in a research infrastracture? Some data + a natural person + connection (even indirect) between them = personal data

Personal data processed in cloud infrastructures main legal aspects which is the applicable national law? are transfers of personal data to non-EU countries legitimate? which set of security measures shall be applied? Are data subjects granted rights to control their personal data? Can the cloud provider be held liable? Main data protection issues

Personal data processed in cloud infrastructures main legal aspects Applicable law First: which is the data controller? Second: is it established within the EU? Art. 29 Working Party’s notion of establishment Third: does it uses equipment placed in the EU? What really matters: the allocation of roles

Personal data processed in cloud infrastructures main legal aspects Which set of applicable security measures? Art. 17(3) of Directive 95/46/EC Establishment of the processor

Personal data processed in cloud infrastructures main legal aspects Transfers of personal data to non-EU countries Adequate level of protection (including organizations adhering to Safe Harbor ) Or: Consent (or other cases set forth in art. 26(1) Dir 95/46/EC) Contract (with data recipient) ad hoc contract model clauses Binding corporate rules

Personal data processed in cloud infrastructures main legal aspects The data subject’s rights right to access right to rectify right to erasure/blocking right to object forthcoming: right to data portability right to be notified of any serious breach of personal data right to be forgotten...

Personal data processed in cloud infrastructures main legal aspects Data controller’s liability Controller shall: implement appropriate measures ensure a level of security appropriate to the risks choose a processor providing sufficient guarantees Controller is fully liable for compliance with those measures. Art. 23 Dir. 95/46/EC: any person who has suffered damage as a result of an unlawful processing operation is entitled to receive compensation from the controller for the damage suffered

Personal data processed in cloud infrastructures main legal aspects Data controller’s accountability Art. 29 WP’s opinion no. 3/2010 controllers shall: put in place adequate and effective measures demonstrate so to DPAs Art. 29 WP’s opinion no. 5/2012 controllers shall: demonstrate that they have acted as to implement data protection principles Regulation art. 22

Personal data processed in cloud infrastructures main legal aspects Any change in sight? The forthcoming Regulation on data protection one common legal text instead of 27 legal texts European citizenship as an additional criteria for applicable legislation a more mature view of transparency, accountability, data subjects’ rights,...

Personal data processed in cloud infrastructures main legal aspects Protection of intellectual property and other assets A robust contract SLAs (PLAs) Direct control over the cloud provider (e.g. control panels) Access logs Third party’s audit Effective measures against vendor lock-in...

Contact information ICT Legal Consulting is present in nine other European countries: Austria, Belgium, France, Germany, Greece, the Netherlands, Poland, Spain and United Kingdom. Milan Via De Togni 14 Telefono: Rome Piazza di San Salvatore in Lauro, 13 Telefono: Bologna Via delle Lame 24 Telefono: