Irish commissioner launches cloud computing guidelines

EU policies also put focus on cloud, from an end user and provider perspective. Article by Penny JonesData protection is key to Irish and EU cloud guidelines Ireland’s data protection commissioner Billy Hawkes has released a number of guidelines for individuals and companies using cloud computing – the same week that the EU Commission panel on privacy is expected to announce new recommendations on the policing of the Cloud. The EU Article 29 working party, that is putting together the EU’s data protection recommendations, is made up of representatives from the data protection authority of each EU Member State. It is designed to provide expert advice on data protection and other areas to members. Its work is being carried out as part of a wider European Commission initiative to develop policies to adopt cloud computing adoption in the EU. In June, European Commission Acting Deputy Director General for the Information society Megan Richards said cloud computing has the potential to drive the EU economy forward, and create new jobs. “We think cloud computing has the potential to generate more than 700bn Euro in the next five years,” Richards said. First of all, however, legislation needs to be created to ensure a safe working environment for the end users and cloud providers (read more on what Richards said in FOCUS magazine, Issue 23 – out now). In the Irish commissioner’s memo, Hawkes said security is the key concern for the government when it comes to cloud, with the location of data and written contracts also cause for concern. These areas of responsibility largely fall on the service provider. “The Data Protection Acts (Irish) place responsibility for data security squarely on the data controller (or external service provider) who is accountable to the individual data subject for the safeguarding of their personal information,” Hawke’s memo said. It also outlines the right the data subject has to remove or transfer data at request. Written contracts for cloud are mandatory in Ireland and when transferring data to clouds abroad, organizations will be responsible for ensuring adequate levels of data protection are provided. It said some countries outside of the EU have already been approved by the EU for cloud provisioning because of their own data protection rules.