Does the US have juristriction over the whole world?

[Roland Perry]

In article <4ED123C2.1070700 at zen.co.uk>, Peter Fairbrother 
<zenadsl6186 at zen.co.uk> writes
>>> It's long past time that the UK and EU/EAA Information Commissioners 
>>>gave clear guidance that personal data cannot be stored in clouds. 
>>>Full stop.
>>  Cloud vendors are aware of these issues and have different products 
>>for  different markets. If you need a cloud-based solution that "stays 
>>in the  EU" or even "stays in the UK" you can probably find one, but 
>>don't  expect it to be one of the mass market consumer ones.
>
>The problem isn't just staying in the UK/EU, though that is a part of it.
>
>It's also that the operators of the cloud - and by that I mean everyone 
>who controls any of the machinery (or even the networking services) in 
>the cloud, not just the people who sell the cloud service - are data 
>processors, and the data controller has a responsibility to ensure that 
>they "provid[e] sufficient guarantees in respect of the technical and 
>organisational security measures governing the processing to be carried 
>out".
>
>Also they data controller must "take reasonable steps to ensure 
>compliance with those measures"
>
>If the data controller doesn't even know who is hosting the data he is 
>responsible for, how can he be performing either of these duties?

If the data "stays in the EU/UK" then the assumption is that the various 
parties are acting lawfully, and thus complying with the relevant data 
protection requirements.

>> At a Council of Europe conference last year ago the MS rep said that 
>>their standard cloud might not be what you needed in these 
>>circumstances  (but they might have changed their stance/product in 
>>the mean time).
>
>Not sure what MS meant by "these circumstances",

That you want the data to be guaranteed to stay within an EU/UK 
jurisdiction. (For the avoidance of doubt, I'm assuming that there's no 
comfort to be gained from "safe harbour" provisions).
-- 
Roland Perry