Brussels, February 15th, 2018. A year ago today the EU Cloud Code of Conduct (CoC) was established as a separate organization in a hand-over ceremony organized and hosted by the European Commission. The one-year anniversary also marks the 100 day deadline to GDPR, entering into force on 25 May 2018.
Recent developments of the Code include, for instance, addressing the new data subject right “data portability” for individuals. It will also address potential different roles and responsibilities depending on the service model provided (e.g., whether data portability can be managed and performed by its customers or whether the Cloud Service Provider is expected to offer data portability functionality for its customers).
“With GDPR approaching, cloud customers will be looking at how their cloud providers fulfil new requirements. The EU Cloud Code of Conduct is a good way of demonstrating high data protection standards”, said Jonathan Sage, Government and Regulatory Affairs Executive at IBM and Chairman of the EU Cloud CoC General Assembly, at the briefing.
The panel was further complemented by Pierre Chastanet of the European Commission and Hans Graux, Partner at time.lex and legal advisor to the EU Cloud CoC and Code Editor, who presented the main elements of the current version of the Code and the significant progress made in the last months. Lorena Marciano, Data Protection & Privacy Officer at Cisco, outlined how the EU Cloud CoC supports Cloud Service Providers and shared her experience of being part of the General Assembly. Additionally, Mark Watts, Partner at Bristows LLP, shared his expertise on data privacy, the GDPR and challenges for cloud users and providers.
Background
The EU Cloud Code of Conduct was founded in February 2017, after four years of close collaboration between the European Commission and the cloud computing community. The EU Cloud CoC intends to increase transparency in the European cloud marketplace and those parties which sign up to it will certify that their services adhere to the rigorous European data protection requirements. The EU Cloud CoC is open to all Cloud Service Providers, regardless of size and from all cloud sectors (IaaS, PaaS, SaaS), on the condition that the cloud services they sign up to the Code adhere to the data protection safeguards laid out in EU data protection legislation.
