|« Fuel-cell powered laptops?||Happy Holidays!! »|
A different way of ensuring cloud-computing data protection
trust.office365.com. A different way of ensuring cloud-computing data protection
One of the recurrent problems of using cloud computing services is law abidance, since, due to the very architecture of cloud computing, data can slip back and forwards so easily between countries with different laws.
This was particularly the case for personal data, which is protected in Europe by specific legalisation that limits the exporting of this data. Problems were also posed in the US with the cross-border access granted under the Patriot Act (http://www.backup-technology.com/9796/u-s-patriot-act-dampens-microsoft-cloud-services/). Some providers therefore opted to set up several cloud services distributed in different geographical regions, adapting each cloud to the local laws in each region and setting up a specific cloud for Europe (e.g. Amazon); in other cases there have been government initiatives, as proposed in France, to set up national cloud services adapted to its own laws (http://www.elpais.com/articulo/Pantallas/nubes/Internet/crean/ problema/soberania/elpepugen/20110927elpepirtv_2/Tes)
Microsoft has taken a different approach for its Office 365 service. It has decided to apply European data protection laws to all its clouds supporting the office365 service. To do so Microsoft decided to apply the Model Clauses derived by the European Commission from the European Data Protection Directive; these clauses lay down personal data protection measures. It has applied these clauses in all its datacenters running office365. To put it another way, Microsoft has voluntarily decided to apply European Law outside Europe. Thus, the data of a Spanish user on office365 might be run in centers outside Europe (USA; Japan, .... or wherever) while complying with directly applicable Spanish law.
It has also set up the Office 365 Trust Center trust.office365.com, which gives information on its information processing principles and additional details on the employee visibility of client information.
To round out the story, all we need now is an official communiqué from the European Commission on this matter. After all, it’s one thing to claim you are Beyoncé’s friend and quite another for Beyoncé herself to say "This is my friend."
Author: Mariano J. Benito