To allow effective switch of Cloud Service Providers (CSPs), the Senate's European Affairs Committee has just adopted a proposal for a European resolution, setting the rules for data transfer, cloud contract exit fees, and the establishment of "sovereign" hosting providers controlled by EU equity.
The Senate's European Affairs Committee has unanimously adopted a motion for an European resolution linked to the European data regulation draft, which sets harmonized rules for fair data access and for the use of data within EU.
The technical and legal conditions for effective and secure data mobility within EU particularly caught the commission's attention.
Simplify the switch to cloud provider
In order to simplify the switch of data processing service provider on a market that is 72% controlled by three US providers, the french European Affairs Committee recommends to include transfer options in the providers commitments, and where appropriate, the details of the data transfer process.
It also recommends that no provider will be allowed to retain customer because of the benefit of a free period of service.
Finally, it considers that the duration of the three-year period provided for the phase-out of termination fees is excessive and likely to compromise the development of European service providers on the internal market.
The Committee on European Affairs also emphasizes the need for the rapid adoption of mandatory and harmonized standards to ensure data interoperability within EU.
Data is the black gold of the digital world. Europeans must organize themselves to avoid its confiscation by a few large platforms. Jean-François Rapin, chairman of the french Senate's European Affairs Committee.
Sovereign cloud and sensitive data
The European Affairs Committee insists on the necessity to set up sovereign cloud hosting facilities, controlled by European equity, and requires for a listing of sensitive data, arguing that the proposed mechanism for securing international data transfers is not fully guaranted, specifically with regard to sensitive data (i.e health data) and to data whose disclosure is likely to affect national security.
IoT data protection under National Data Protection Authority
The Commission also requires that any personal data combined with the use of connected objects (IoT) should be protected and controlled under the National Data Protection authorities (the CNIL in France), and within the European data protection framework, whose priority should be ensured.
Trade secret organization.
The Commission also emphasizes that business confidentiality must be contractually agreed between data holder, data user, and third party, without justifying a refusal of access or use unless the data owner demonstrates that data disclosure would cause serious harm, with regard to security.
The motion for this resolution has been referred to the Senate's Economic Affairs Committee, which may take it up. If not, it will become a Senate's resolution within a month.
This proposed resolution reflects another recent EC draft that aim to regulate sensitive data hosted on the cloud and which may stipulate that non-European cloud providers would only be able to process and host sensitive data through European joint ventures, and with a minority shareholding.
This new EC proposal should be applied to both personal and non-personal data, for which a breach could have a negative impact on public order, public health and intellectual property protection.
Kommentare