Jusletter IT

Legal Challenges of Trans-border Data Flow in the Cloud

  • Authors: Rolf H. Weber / Dominic N. Staiger
  • Category: Scientific Articles
  • Region: Switzerland
  • Field of law: Data Protection, Cloud-Computing
  • Citation: Rolf H. Weber / Dominic N. Staiger, Legal Challenges of Trans-border Data Flow in the Cloud, in: Jusletter IT 15 May 2013
Parties involved in cloud computing are constantly facing new legal challenges in regard to trans-border transfers of personal data. In particular cloud service providers face ambiguous European data protection laws which do not cater for the specific services they offer. The following contribution addresses the issues associated with trans-border transfer of personal data in the cloud and highlights potential solutions.

Inhaltsverzeichnis

  • 1. Introduction
  • 1.1. Definition of cloud computing
  • 1.2. Infrastructure as a service (IaaS)
  • 1.3. Platform as a service (PaaS)
  • 1.4. Software as a service (SaaS)
  • 2. Regulatory challenges, approaches and available legal frameworks
  • 2.1. International flow of data
  • 2.2. Legal frameworks
  • 2.3. Approaches to regulation
  • 2.3.1. Self-regulatory approaches
  • 2.3.2. Legislative regulatory approaches
  • 3. Trans-border data flow in the cloud – challenges under the DPD
  • 3.1. Issues arising in cloud computing
  • 3.2. Trans-border data flow under an adequacy decision
  • 3.3. Trans-border data flow with appropriate safeguards
  • 3.3.1. First Step: Legal grounds for processing personal data under local law
  • 3.3.2. Second Step: Legal grounds for transfer of personal data abroad
  • 3.3.3. The UK approach in particular
  • 3.4. Safe Harbor Agreement and data transfers to the USA
  • 3.5. Binding corporate rules (BCR)
  • 3.5.1. Practical importance
  • 3.5.2. Approval procedure for BCR
  • 3.5.3. Coordination procedure for implementing BCR
  • 3.5.4. Legal challenges when applying BCR
  • 3.5.5. BCR and cloud computing
  • 3.6. Multiple party involvement
  • 3.7. Onward transfers from a third country
  • 3.7.1. Problem of further protection
  • 3.7.2. Available legal scenarios
  • 3.7.3. Effects on cloud computing
  • 3.8. Application of derogation
  • 4. Trans-border data flow under the new EU Data Protection Regulation (DPR)
  • 4.1. Jurisdiction of the new Regulation
  • 4.1.1. Territorial scope
  • 4.1.2. Extraterritorial application
  • 4.2. Transfer of personal data outside EEA
  • 4.2.1. Transfer with an adequacy decision
  • 4.2.2. Transfer under the appropriate safeguards provision
  • 4.2.3. Binding corporate rules (BCR)
  • 4.2.4. Alternatives to an adequacy decision or appropriate safeguards
  • 4.3. Liability of processors abroad
  • 5. Remaining problems and the way forward
  • 5.1. Effects of the Patriot Act
  • 5.2. Transfers under a BCR framework to a non-complying third country
  • 5.3. New technological approaches

No comments

There are no comments yet

Ihr Kommentar zu diesem Beitrag

AbonnentInnen dieser Zeitschrift können sich an der Diskussion beteiligen. Bitte loggen Sie sich ein, um Kommentare verfassen zu können.