« IPA 『標的型攻撃メールの分析』に関するレポート ~だましのテクニックの事例4件の紹介と標的型攻撃メールの分析・対策~ | Main | 総務省 スマートフォン・クラウドセキュリティ研究会 »

2011.10.08

備忘録 Computerworld UK Cloud computing and EU data protection law

 こんにちは、丸山満彦です。備忘録です。

●Computerworld UK
・2011.09.28 Cloud computing and EU data protection law Part one: Understanding the international issues

 
2つの課題があるとし、今回は、1つ目の課題についての説明となっています。。。

=====
There are 2 key issues here:

1.Impact on non-EEA cloud users and providers - the Directive's reach is broad, and cloud computing users based outside Europe, even non-EU cloud providers, in some circumstances, could become subject to European Union data protection laws if they use EEA data centres or cloud providers. This could discourage those outside the EEA from using EEA data centres or EEA cloud providers for cloud computing. Futhermore, non-EEA cloud service providers could be caught by EU data protection laws if they use cookies etc or run scripts on EEA end users' equipment, e.g. some SaaS services.

2.Impact on EEA cloud users - as is well-known, the Directive requires Member States to prohibit the transfer of personal data except to countries affording an 'adequate' level of protection. This restriction obviously inhibits EEA users from using non-EEA data centres for cloud computing, even if that offers costs savings or greater flexibility. While there are exceptions to the restriction, they are not straightforward, and it may be queried whether the data export restriction is still appropriate today, given the ease of data transmission and remote access to data via the internet.
=====

参考
・2010.12.10 ARTICLE 29 DATA PROTECTION WORKING PARTY WP 179 Opinion 8/2010 on applicable law

|

« IPA 『標的型攻撃メールの分析』に関するレポート ~だましのテクニックの事例4件の紹介と標的型攻撃メールの分析・対策~ | Main | 総務省 スマートフォン・クラウドセキュリティ研究会 »

Comments

Post a comment



(Not displayed with comment.)


Comments are moderated, and will not appear on this weblog until the author has approved them.



TrackBack


Listed below are links to weblogs that reference 備忘録 Computerworld UK Cloud computing and EU data protection law:

« IPA 『標的型攻撃メールの分析』に関するレポート ~だましのテクニックの事例4件の紹介と標的型攻撃メールの分析・対策~ | Main | 総務省 スマートフォン・クラウドセキュリティ研究会 »