The International Association of Privacy Professionals (IAPP), the world’s largest information privacy organization, recently asked us to pen an article on the recently-passed CLOUD Act.
This new legislation’s intention was simple: to facilitate the process for the US government to gain access to potentially vital data in the interest of national security when held on foreign soil, without impinging on the privacy rights of the individual or the duties of the cloud service provider (CSP) to protect those rights.
Given one of our data optimization service lines is Cloud Infrastructure, and our strong stance on data privacy, the IAPP was interested in our views and guidance on how such legislation may affect the cloud industry.
The short answer is “On its own, not enormously. But when looked at in the context of the rising tide of data privacy scrutiny and legislation, there are massive changes coming for CSPs and their business models.”
IaaS – CloudCore
Calligo’s own public cloud platform. High performance, data residency guarantees and the first cloud platform in the world to be designed with data privacy at its heart.
Our longer answer was published on IAPP earlier this week. The link is here, and there’s a quick extract below:
The CLOUD Act is in fact indicative of a far wider problem for businesses relying on the cloud.
Privacy has become such a potent issue that the international community, individual governments and even various industry sectors have all deemed it important enough to create their own legislation. This constantly growing variety means that businesses are likely to be obliged to conform with a huge number of privacy requirements – each with their own complications and many of which may conflict.
The impact of this confusion on CSPs is not on the technology within their service, but on their duty to their customers.
Businesses will naturally look to their CSP for advice on how best to store their data, and particularly how to ensure a balance between the practical considerations of access and availability alongside their privacy obligations. All while ensuring the ambition to innovate is not undermined. This will require a new breed of CSP, comfortable advising on both technical and legislative queries with impartiality, authority and accuracy.