Adopting cloud computing can mean entrusting data to a third-party vendor. For agencies responsible for personally identifiable information or mission-critical applications, this raises a host of privacy concerns, chief among them the issue of data sovereignty and the question of determining appropriate government and commercial uses of private citizens’ data. This section of the site analyzes the risks to privacy associated with cloud adoption and explores ongoing means to mitigate them.

EU data protection regulation closer, your next headache?

Giulio Coraggio, GamingTechLaw,  Tuesday, June 30, 2015

The new EU Data Protection regulation is now closer with the EU Council of ministers reaching an agreement on a general approach which still leaves some room for negotiations and further headaches… Data protection experts might have lost any hope to see the final draft of the new EU Privacy Regulation during their life after that any step forward was followed by a number of steps backwards. But after 3 years from the first draft, commentators are quite confident to see the EU data protection regulation finally approved by the end of the year. The approval by the EU Council of the latest draft of the EU privacy regulation does NOT mean that the regulation is now approved. Further discussions with the EU Parliament and Commission shall take place and a number of points of discussion appear still open.

When a Company Is Put Up for Sale, in Many Cases, Your Personal Data Is, Too

Natasha Singer and Jeremy Merrill, New York Times,  Monday, June 29, 2015

Of the 99 sites with English-language terms of service or privacy policies, 85 said they might transfer users’ information if a merger, acquisition, bankruptcy, asset sale or other transaction occurred, The Times’s analysis found.

Dealing With Data Privacy in the Cloud

Paul Trotter, CIO,  Monday, June 29, 2015

Our reliance on data and the potential pitfalls associated with managing it have given rise to the need for safeguards for the protection of information, particularly in Europe where the General Data Protection Regulation (GDPR) will soon come into force. GDPR is designed to harmonise the current data protection regulations across EU member states, with strict data compliance stipulations and the possibility of huge financial penalties for those who breach of the rules. While the regulation doesn’t deal specifically with cloud service providers, it does have implications for organisations that use cloud services to store data. And with many companies in need of guidelines on how to deal with new approaches to data management, it’s time to turn to the experts.

For Post-Snowden Cloud Startups, Privacy Proves A Hard Sell

Steven Melendez, Fast Company,  Friday, June 26, 2015

"Rather than feeling able to make choices, Americans believe it is futile to manage what companies can learn about them," the authors wrote. "Our study reveals that more than half do not want to lose control over their information, but also believe this loss of control has already happened."

Isabelle Falque-Pierrotin: Privacy Needs to Be the Default, Not an Option

Mark Halper, WIRED,  Friday, June 26, 2015

Isabelle Falque-Pierrotin has a wake-up call for the world’s digital citizens: Beware of the tech giants lurking behind your screens and keyboards. Falque-Pierrotin—current head of France’s CNIL (National Commission on Informatics and Liberty) and the “Article 29 Working Party,” a group of European Union data-protection advocates—believes we are sleepily handing over personal data in droves without truly understanding the consequences. Comprehensive privacy protection should be an enforced requirement, she argues, not just an “opt-in” afterthought.

Why the OPM Data Breach is Unlike Any Other

Nuala O’Connor, Center for Democracy & Technology,  Tuesday, June 23, 2015

...a breach of this magnitude should call into question how we define harm and the types of remediation available to individuals. Credit monitoring and identity-theft resources may have little utility for those whose data was breached, especially when the information that was taken goes beyond credit card numbers and into detailed dossiers of about individuals. How does one put the cat back in the bag when the records breached contain information such as past drug use, lie-detector tests you failed, or extramarital affairs? This is information routinely collected about candidates for top-secret clearance and it includes information about friends, relatives, and former employers connected to the individuals that were affected. Those individuals aren’t given any recourse whatsoever. Current structures just do not give adequate recourse in relation to the real harm and impact on lives.

US To China: Do As We Say, Not As We Do

Paul Rosenzweig by Paul Rosenzweig, The Chertoff Group
Thursday, June 18, 2015

Is America as authoritarian as China? Surely not. And yet sometimes the differences can be hard to discern. A case in point is their similar approaches to one aspect of criminal law, the lawful intercept rules for telecommunications; approaches that a new study by the American Enterprise Institute characterizes as the imposition of a double standard.

Privacy: The weak link for video security

Karen Evans by Karen Evans, KE&T Partners
Thursday, June 18, 2015

The collection and analysis of video data has become the norm. However, storing sensitive information is currently regulated by outdated security standards—or by no standards at all—that do not offer the necessary protections to prevent hackers or bad actors. Law enforcement, led by the IACP, is addressing this issue head-on with its recently released guidance on video data and cloud computing. The guidelines focus on law enforcement's operational needs and, most importantly, ensure the security of systems and video data. As the updated guidelines state: "Recent calls for the expansion of data collection by law enforcement officers through, for example, the use of body-worn cameras and other sensor devices, only serve to reemphasize the need for clearly articulated policies regarding cloud-based data storage."

IACP Releases Updated Guidance On Police Bodyworn Camera Video Data Storage

Bradley Shear by Bradley Shear, Law Office of Bradley S. Shear
Thursday, June 18, 2015

The International Association of Chiefs of Police (IACP) recently published their "Guiding Principles on Cloud Computing in Law Enforcement". These principles are much needed because as more digital video evidence is created by law enforcement, the proper safeguards must be in place to ensure that the data is stored in an appropriate manner for the legal justice system.

CMA publishes findings on the commercial use of consumer data

UK Competition and Markets Authority,  Thursday, June 18, 2015

The Competition and Markets Authority’s (CMA) primary aim in conducting this work was to increase understanding of the issues and inform our future competition and consumer work. The report identifies some elements that could support well-functioning markets: •consumers should know when and how their data is being collected and used and be able to decide whether and how to participate •firms should compete to provide better services to consumers on the issues that matter to consumers, such as the controls enabling them to manage their own data-sharing •consumers and firms should share the benefits of using consumer data •the regulation of data should ensure the protection of essential rights such as privacy •where there are breaches of regulations, enforcement must be undertaken proportionately and effectively