The Article 29 Working Party established under the EU data privacy legislation published an opinion on 1 July 2012 addressing the data privacy compliance concerns associated with the use of cloud computing solutions. The working party identifies the concerns as falling into two categories:

  • lack of control;

    - cloud clients lose control of the technical and organisational measures necessary to ensure the availability, integrity, confidentiality, transparency, isolation and portability of data;
  • lack of information processing;

    - insufficient information about a cloud services processing operations poses a risk to controllers as well as to data subjects because they might not be aware of potential threats and risks and therefore cannot take measures they deem appropriate.
Downloads –

Related Capabilities