45 lawyers from 32 countries work on ‘Cloud Privacy Check’
Last week the European Parliament and Council negotiators reached an agreement on the new General Data Protection Regulation and it is quite likely that it will be approved at the very beginning of next year. See here. After 4 years of work it seems that Europe will finally see a common framework on Data Protection come to life. Although the new regulation will only come into effect after a while, I am convinced that this will improve the way we manage personal data.
A regulation (unlike a directive) does not need to be enacted by a local Parliament to become effective at Member State level. At the moment there is the Data Protection Directive dating back from 1995 which is struggling to cater for present day realities. The new regulation will thus substitute the existing Data Protection laws in all member countries
After the Commission’s draft in 2012 and the Albrecht Report (see EU/Albrecht Report), which was passed by the EU Parliament with 95% approval shortly after the Snowden case was revealed, we have now been waiting for more than 18 months for the Council to approve a (hopefully not substantially modified text) of the European Data Protection Regulation. There is an interesting German independent movie (see Facebook page: Link) that shows the development of the Regulation and the opposition by lobbyists against Mr. Jan Philipp Albrecht, a 33-year-old member of the European Parliament who acts as Vice Chair of the EU Committee on Civil Liberties, Justice and Home Affairs (see here). Mr. Albrecht was the official rapporteur of this new law to the EU parliament.
A pertinent multinational program called the Cloud Privacy Check (CPC) is currently in its final phase of development. 45 lawyers from 32 countries are working on the project, whose final report as well as an online tool are expected to be published in 26 different languages at the end of January 2016 through the EuroCloud initiative. I am acting in the capacity of Vice President of the Malta IT Law Association as Project Co-Ordinator for Malta. In the context of Safe Harbor, Binding Corporate Rules and the expected European Data Directive, the CPC will arrive at the perfect moment.
For the next 2-3 years, the CPC will serve as a guideline for cloud providers, customers and users alike. The CPC will help people to understand the generic value, concept and requirements of data protection regulation, and will make it easy for them to handle any country-specific differences with confidence.
The Cloud Privacy Check (CPC) is intended to provide support by employing three approaches:
- Simplification of a complex subject matter without loss in terms of content. The goal of the CPC is to elucidate the topic of data protection in the cloud on a single page, thus providing a comprehensible and workable basis of information for people having to deal with the topic.
- Structuring of a plethora of questions into individual topic-blocks which can be approached step by step – from the simplest to the most complex.
- Separation of the generally applicable from the specific. This is probably the most significant aid for managing a complex trans-border endeavour. By identifying similarities throughout all countries, the CPC allows the user to focus on the differences which apply to them. The CPC aims to provide access to relevant information affecting another country quickly and easily, without having to deal with those aspects that are the same as “at home”.
Cover Photo by Flickr user ‘Perspecsys Photo‘ used under Creative Commons Attribution 2.0 license. Image cropped.