Does the US have juristriction over the whole world?
lists at internetpolicyagency.com
Sat Nov 26 18:05:57 GMT 2011
In article <4ED123C2.1070700 at zen.co.uk>, Peter Fairbrother
<zenadsl6186 at zen.co.uk> writes
>>> It's long past time that the UK and EU/EAA Information Commissioners
>>>gave clear guidance that personal data cannot be stored in clouds.
>> Cloud vendors are aware of these issues and have different products
>>for different markets. If you need a cloud-based solution that "stays
>>in the EU" or even "stays in the UK" you can probably find one, but
>>don't expect it to be one of the mass market consumer ones.
>The problem isn't just staying in the UK/EU, though that is a part of it.
>It's also that the operators of the cloud - and by that I mean everyone
>who controls any of the machinery (or even the networking services) in
>the cloud, not just the people who sell the cloud service - are data
>processors, and the data controller has a responsibility to ensure that
>they "provid[e] sufficient guarantees in respect of the technical and
>organisational security measures governing the processing to be carried
>Also they data controller must "take reasonable steps to ensure
>compliance with those measures"
>If the data controller doesn't even know who is hosting the data he is
>responsible for, how can he be performing either of these duties?
If the data "stays in the EU/UK" then the assumption is that the various
parties are acting lawfully, and thus complying with the relevant data
>> At a Council of Europe conference last year ago the MS rep said that
>>their standard cloud might not be what you needed in these
>>circumstances (but they might have changed their stance/product in
>>the mean time).
>Not sure what MS meant by "these circumstances",
That you want the data to be guaranteed to stay within an EU/UK
jurisdiction. (For the avoidance of doubt, I'm assuming that there's no
comfort to be gained from "safe harbour" provisions).
More information about the ukcrypto