International data transfers within cloud services
Keywords:
International transfers, platforms, cloud services, data protection.Abstract
Cloud computing has emerged as a new tech pattern towards
which many organizations are moving their activities and
processes to benefit from global, flexible and immediate
accessibility to technology, to get rid of purchase of own
software and hardware tools, to decrease IT costs while easily
scaling workloads and to allow a more specialized, centralized
and frequently secured processing and storage activities.
The idea of infrastructure, platform, and software as a service
(IaaS, PaaS and SaaS) is based on ubiquity and remote provision
of computing services. And it ends up in a need of analyze
the regulatory and legal issues and requirements that both
controllers and processors must consider when implementing
their cloud strategies.
The purpose of this paper is to deliver an overview of one
specific privacy topic brought in most of cloud agreement
negotiations. The international data transfer is a key term
for the operation, availability, performance and security of
the cloud services, but it shows broad legal challenges to
be considered when performing and when purchasing the
service. The idea of public and global cloud services is linked to
international data transfers as the cloud hosting and operation
resources are mostly designed under worldwide basis.
Compliance with European Data Protection Regulation and its
extraterritorial application require to meet some specific legal
fundamentals for the transfer of personal information and to
create a contractually trusted environment where third country
restriction problems can be reasonably solved by ensuring
adequate level of protection when providing and using cloud
services.
Downloads
References
AGENCIA ESPAÑOLA DE PROTECCIÓN DE DATOS, Guía para clientes que contraten servicios de cloud computing, Madrid, 2018.
ÁLVAREZ RIGAUDIAS, C., “Condiciones para las transferencias internacionales de datos personales en servicios de cloud”, en Derecho y Cloud Computing, Thomson Reuters, Cizur Menor (Navarra), 2012.
ARTICLE 29 DATA PROTECTION WORKING PARTY, Working Document setting up a table with the elements and principles to be found in Processor Binding Corporate Rules, de 29 de noviembre de 2017.
BADGER, M., GRANCE, T., PATT-CORNER, R. y VOAS J., Cloud Computing Synopsis and Recommendations. Special Publication 800-146, National Institute of Standards and Technology, Gaithersburg (Maryland), 2011.
CÓRDOBA CASTROVERDE, D., DÍEZ-PICAZO GIMÉNEZ, I., “Reflexiones sobre los retos de la protección de la privacidad en un entorno tecnológico”, en El derecho a la privacidad en un nuevo entorno tecnológico. XX Jornadas de la Asociación de Letrados del Tribunal Constitucional, Centro de Estudios Políticos y Constitucionales, Madrid, 2016.
EUROPEAN DATA PROTECTION BOARD, Guidelines 05/2021 on the Interplay between the application of Article 3 and the provisions on international transfers as per Chapter V of the GDPR, de 14 de febrero de 2023.
EUROPEAN DATA PROTECTION BOARD, Recommendations 01/2020 on measures that supplement transfer tools to ensure compliance with the EU level of protection of personal data, de 18 de junio de 2021.
EUROPEAN DATA PROTECTION BOARD, Recomendaciones 02/2020 sobre las garantías esenciales europeas para medidas de vigilancia, de 10 de noviembre de 2020.
GARTNER, Gartner Press Release, 19 de abril de 2023. Recuperado el 1 de julio de 2023: https://www.gartner.com/en/newsroom/ press-releases/2023- 04 -19 -gar tner-forecasts-worldwide- public-cloud-end-user-spending-to-reach-nearly-600-billion- in-2023
MARTÍNEZ MARTÍNEZ, R., “El Derecho y el Cloud Computing”, en Derecho y Cloud Computing, Thomson Reuters, Cizur Menor (Navarra), 2012.
TURTON, F., KAMARINOU, D., MICHELS, J. D. y MILLARD, C.,
“Privacy in the Clouds, Revisited: An Analysis of the Privacy Policies of 40 Cloud Computing Services”, Queen Mary Law Research Paper num. 354/2021, abril de 2021.
WUERMELING, U., OLDANI, I., “Regulation of international data transfers in clouds; the impact of the GDPR”, en Cloud Computing Law, Oxford University Press, Oxford, 2021.
