A couple of other relevant considerations: - EU law makes the "data controller" responsible for data protetcion, regardless of the location of the data... so, if I register with a European service provider and they happen to outsource their data storage to some cloud service outside the EU, that makes no difference in regulatory terms.
- another EU instrument, the "Binding Corporate Rule", provides a mechanism for a multinational corporation (whether EU or not) to get its privacy policy approved by one EU regulator on behalf of all the others (rather than having to shop it around all of them). The BCR represents the corporation's statement of how it intends to comply with data protection regulations, in whatever countries it operates in. It's a voluntary mechanism, but it greatly reduces the time it takes for a multi-national to get a statement of regulatory compliance. HTH, Robin Robin Wilton Technical Outreach Director - Identity and Privacy Internet Society email: [email protected] Phone: +44 705 005 2931 Twitter: @futureidentity On 20 Mar 2014, at 18:05, <[email protected]> wrote: > > | Among other interesting infos, the article is in favor of cloud > | computing and its security. > | > | Question: In case some crime happens with data in the cloud which > | country is in charge to prosecute? > | > | Heiner > > > There is an active collaboration between MIT and U Washington Law > on this topic. I am not involved, I just heard about it at [1]. > In any case, the effort is to entirely sidestep the impedance > mismatches between the data rules of Country X and the data rules > of Country Y by crafting a boilerplate contract on data handling > such that the person in Country X providing data and the entity in > Country Y receiving data have a contractual agreement in place to > govern their data transmission and do not, therefore, have to have > a "choice of law" with respect to data handling, only with respect > to contract adjudication. > > --dan > > > [1] http://kit.mit.edu/conference-program (Scott David) > > _______________________________________________ > perpass mailing list > [email protected] > https://www.ietf.org/mailman/listinfo/perpass
smime.p7s
Description: S/MIME cryptographic signature
_______________________________________________ perpass mailing list [email protected] https://www.ietf.org/mailman/listinfo/perpass
