SlideShare une entreprise Scribd logo

Privacy and Data Protection in the Cloud Era

Franck Franchin
Franck Franchin

Cours CyberSécurité - Université Versailles St Quentin - Privacy - Avril 2013

FormationTechnologieBusiness
1  sur  10
Mars- Avril 2013 Franck Franchin 1
Master Droit - Franck Franchin - © 2013 2 “Asking Google to educate consumers about privacy is like asking the fox to teach the chickens how to ensure the security of their coop” Consumer Watchdog, March 2013
Master Droit - Franck Franchin - © 2013  Search – Yahoo or Google keep your data for 18 months !  Webmail – Google goes through every word of every Gmail that’s sent or received to sell targeted ads.  Google Docs  Street View (Wifi traffic and pwd scans… hum ?)  Conference Management Systems - very used in academic research community with document sharing (papers, reviews, patent drafts) FREE SERVICE DOES NOT EXIST ! 3
Master Droit - Franck Franchin - © 2013  The Foreign Intelligence Surveillance Act of 1978 prescribes procedures for requesting judicial authorization for electronic surveillance and physical search of persons engaged in espionage or international terrorism against the United States on behalf of a foreign power.  The Stored Communications Act of 1986 is a law that addresses voluntary and compelled disclosure of "stored wire and electronic communications and transactional records" held by third- party internet service providers (ISPs)  Patriot Act - Signed by President George W. Bush on October 26, 200, renew by President Bush on March 9, 2006  The Foreign Intelligence Surveillance Act Amendment Act (FISAA - 2008) allows US authorities to spy on cloud data that includes Amazon Cloud Drive, Apple iCloud and Google Drive. 4
Master Droit - Franck Franchin - © 2013  The US law allows American agencies to access all private information stored with firms within Washington’s jurisdiction, without a warrant, if the information is felt to be in the US interests.  That means any company with a presence in the US and regardless of where the data is stored or the existence of any conflicting obligations under the laws where the data is located  Some US-based cloud services and hosting companies might not be able to comply with the EDPD : customers whose private data should have been disclosed under FISA won’t be always notified (which is not compliant with EC directives) 5
Master Droit - Franck Franchin - © 2013  The famous 95/46/EC Directive  The European Data Protection Directive requires companies to inform users when they disclose personal information  There are clauses in the Directive that allow data to be stored outside of the EU  Evolution in progress since 2012 ; but strong lobbying against data breach notification enforcement and data aggregation processing restrictions 6
Master Droit - Franck Franchin - © 2013  The U.S.-EU Safe Harbor Framework provides guidance for U.S. organizations on how to provide adequate protection for personal data from the EU as required by the European Union's Directive on Data Protection.  Participation is voluntary  Based on principles agreed by Directive 95/46 (October, 1995)  Five major points : ◦ Data owner has been informed of data processing and transfer ◦ Data owner can revoke the rights he granted. ◦ Explicit agreement ◦ Access and change right (aka droit d’accès et de rectification) ◦ Data security (confidentiality, integrity, availability) 7
Master Droit - Franck Franchin - © 2013  Payment card security standards body PCI Security Standards Council (PCI SSC) has released new guidance for merchants using cloud-based systems for customer payment data  “Many merchants mistakenly believe that if they outsource everything to a cloud service provider, much of of the responsibility goes away for being PCI compliant – unfortunately, that’s simply not the case,” Bob Russo, general manager at the PCI Security Standards Council “A merchant needs to ensure that a cloud services provider is PCI-compliant not just for its own piece, but for the entire spectrum, including what that provider is specifically doing for the merchant.” 8
Master Droit - Franck Franchin - © 2013  TFTP (Terrorist Financing Tracking System)/SWIFT (28 Juin 2010)  Europol in charge of  Audit conducted by Europol in Nov 2010, with warning report issued in March 2011  Too generic requests are made by US (Dpt of Treasury) but acknowledged by Europol  So generic, it’s impossible to confirm these requests are compliant with European Data Protection Directives 9
Master Droit - Franck Franchin - © 2013  Nova Scotia Case - As part of a criminal prosecution in US, the Court requested that the US subsidiary disclosed documents stored in Cayman Islands.  Valetta Case – Australian subsidiary of this Maltin bank was summoned by australian Court to disclose documents stored in Malta 10

Recommandé

Data Privacy vs. National Security post Safe Harbor
Data Privacy vs. National Security post Safe HarborData Privacy vs. National Security post Safe Harbor
Data Privacy vs. National Security post Safe HarborGayle Gorvett
 
33rd TWNIC IP OPM: Legal cooperation to overcome jurisdictional and territori...
33rd TWNIC IP OPM: Legal cooperation to overcome jurisdictional and territori...33rd TWNIC IP OPM: Legal cooperation to overcome jurisdictional and territori...
33rd TWNIC IP OPM: Legal cooperation to overcome jurisdictional and territori...APNIC
 
EU Privacy Shield - Understanding the New Framework from TRUSTe
EU Privacy Shield - Understanding the New Framework from TRUSTeEU Privacy Shield - Understanding the New Framework from TRUSTe
EU Privacy Shield - Understanding the New Framework from TRUSTeTrustArc
 
Martha Buyer V SCTC day conference 24 feb16
Martha Buyer V SCTC day conference 24 feb16Martha Buyer V SCTC day conference 24 feb16
Martha Buyer V SCTC day conference 24 feb16Agustin Argelich Casals
 
Interoperable Solutions for Cross Border Data Transfers – APEC, CBPR, BCR fro...
Interoperable Solutions for Cross Border Data Transfers – APEC, CBPR, BCR fro...Interoperable Solutions for Cross Border Data Transfers – APEC, CBPR, BCR fro...
Interoperable Solutions for Cross Border Data Transfers – APEC, CBPR, BCR fro...TrustArc
 
Patricia Ayojedi V SCTC day Cloud 24 feb16
Patricia Ayojedi V SCTC day Cloud 24 feb16Patricia Ayojedi V SCTC day Cloud 24 feb16
Patricia Ayojedi V SCTC day Cloud 24 feb16Agustin Argelich Casals
 
[Privacy Webinar Slides] Global Enforcement Priorities
[Privacy Webinar Slides] Global Enforcement Priorities[Privacy Webinar Slides] Global Enforcement Priorities
[Privacy Webinar Slides] Global Enforcement PrioritiesTrustArc
 
Should European Businesses Really Fear The Usa Patriot Act
Should European Businesses Really Fear The Usa Patriot ActShould European Businesses Really Fear The Usa Patriot Act
Should European Businesses Really Fear The Usa Patriot Actfrjennings
 

Recommandé

Data Privacy vs. National Security post Safe Harbor
Data Privacy vs. National Security post Safe HarborData Privacy vs. National Security post Safe Harbor
Data Privacy vs. National Security post Safe HarborGayle Gorvett
 
33rd TWNIC IP OPM: Legal cooperation to overcome jurisdictional and territori...
33rd TWNIC IP OPM: Legal cooperation to overcome jurisdictional and territori...33rd TWNIC IP OPM: Legal cooperation to overcome jurisdictional and territori...
33rd TWNIC IP OPM: Legal cooperation to overcome jurisdictional and territori...APNIC
 
EU Privacy Shield - Understanding the New Framework from TRUSTe
EU Privacy Shield - Understanding the New Framework from TRUSTeEU Privacy Shield - Understanding the New Framework from TRUSTe
EU Privacy Shield - Understanding the New Framework from TRUSTeTrustArc
 
Martha Buyer V SCTC day conference 24 feb16
Martha Buyer V SCTC day conference 24 feb16Martha Buyer V SCTC day conference 24 feb16
Martha Buyer V SCTC day conference 24 feb16Agustin Argelich Casals
 
Interoperable Solutions for Cross Border Data Transfers – APEC, CBPR, BCR fro...
Interoperable Solutions for Cross Border Data Transfers – APEC, CBPR, BCR fro...Interoperable Solutions for Cross Border Data Transfers – APEC, CBPR, BCR fro...
Interoperable Solutions for Cross Border Data Transfers – APEC, CBPR, BCR fro...TrustArc
 
Patricia Ayojedi V SCTC day Cloud 24 feb16
Patricia Ayojedi V SCTC day Cloud 24 feb16Patricia Ayojedi V SCTC day Cloud 24 feb16
Patricia Ayojedi V SCTC day Cloud 24 feb16Agustin Argelich Casals
 
[Privacy Webinar Slides] Global Enforcement Priorities
[Privacy Webinar Slides] Global Enforcement Priorities[Privacy Webinar Slides] Global Enforcement Priorities
[Privacy Webinar Slides] Global Enforcement PrioritiesTrustArc
 
Should European Businesses Really Fear The Usa Patriot Act
Should European Businesses Really Fear The Usa Patriot ActShould European Businesses Really Fear The Usa Patriot Act
Should European Businesses Really Fear The Usa Patriot Actfrjennings
 
What does the Proposed EU General Data Protection Regulation (GDPR) mean for ...
What does the Proposed EU General Data Protection Regulation (GDPR) mean for ...What does the Proposed EU General Data Protection Regulation (GDPR) mean for ...
What does the Proposed EU General Data Protection Regulation (GDPR) mean for ...TrustArc
 
EU-US Privacy Shield - Safe Harbor Replacement
EU-US Privacy Shield - Safe Harbor ReplacementEU-US Privacy Shield - Safe Harbor Replacement
EU-US Privacy Shield - Safe Harbor ReplacementGACC_Midwest
 
ESET Quick Guide to the EU General Data Protection Regulation
ESET Quick Guide to the EU General Data Protection RegulationESET Quick Guide to the EU General Data Protection Regulation
ESET Quick Guide to the EU General Data Protection RegulationESET
 
Evertio Schrems II
Evertio Schrems IIEvertio Schrems II
Evertio Schrems IIFanny Surjana
 
The EU Data Protection Regulation - what you need to know
The EU Data Protection Regulation - what you need to knowThe EU Data Protection Regulation - what you need to know
The EU Data Protection Regulation - what you need to knowSophos Benelux
 
New Media Internet Expression and European Data Protection
New Media Internet Expression and European Data ProtectionNew Media Internet Expression and European Data Protection
New Media Internet Expression and European Data ProtectionDavid Erdos
 
Internet and eCommerce Law Review 2016
Internet and eCommerce Law Review 2016Internet and eCommerce Law Review 2016
Internet and eCommerce Law Review 2016Graham Smith
 
GDPR: More reasons for information security
GDPR: More reasons for information securityGDPR: More reasons for information security
GDPR: More reasons for information securityJisc
 
Privacy shield: What You Need To Know About Storing EU Data
Privacy shield: What You Need To Know About Storing EU DataPrivacy shield: What You Need To Know About Storing EU Data
Privacy shield: What You Need To Know About Storing EU DataSchellman & Company
 
EU General Data Protection Regulation
EU General Data Protection RegulationEU General Data Protection Regulation
EU General Data Protection RegulationRamiro Cid
 
BBW v UK - IP Act implications
BBW v UK - IP Act implicationsBBW v UK - IP Act implications
BBW v UK - IP Act implicationsGraham Smith
 
The Patriot Act and Cloud Security - Busting the European FUD
The Patriot Act and Cloud Security - Busting the European FUDThe Patriot Act and Cloud Security - Busting the European FUD
The Patriot Act and Cloud Security - Busting the European FUDResilient Systems
 
Cross Border Data Transfers and the Privacy Shield
Cross Border Data Transfers and the Privacy ShieldCross Border Data Transfers and the Privacy Shield
Cross Border Data Transfers and the Privacy ShieldParsons Behle & Latimer
 
Replacement standard contractual clauses
Replacement standard contractual clausesReplacement standard contractual clauses
Replacement standard contractual clausesBrian Miller, Solicitor
 
No Man is an Island: The Battle for Data Privacy
No Man is an Island: The Battle for Data PrivacyNo Man is an Island: The Battle for Data Privacy
No Man is an Island: The Battle for Data PrivacyKate Chan
 
Graham Smith - Internet and eCommerce Law Review 2017
Graham Smith - Internet and eCommerce Law Review 2017Graham Smith - Internet and eCommerce Law Review 2017
Graham Smith - Internet and eCommerce Law Review 2017Graham Smith
 
DP on both sides of the Atlantic - august 2015
DP on both sides of the Atlantic - august 2015DP on both sides of the Atlantic - august 2015
DP on both sides of the Atlantic - august 2015Saira Nayak, JD, CIPP/US/E
 
BVA (British Video Association)
BVA (British Video Association)BVA (British Video Association)
BVA (British Video Association)Andrew Urben
 
Cyber Crime
Cyber CrimeCyber Crime
Cyber CrimeJason Quinlan
 
Cloud & Privacy - Lecture at University Paris Sud - March 18th, 2013
Cloud & Privacy - Lecture at University Paris Sud - March 18th, 2013Cloud & Privacy - Lecture at University Paris Sud - March 18th, 2013
Cloud & Privacy - Lecture at University Paris Sud - March 18th, 2013Franck Franchin
 
Cours CyberSécurité - Infrastructures Critiques
Cours CyberSécurité - Infrastructures CritiquesCours CyberSécurité - Infrastructures Critiques
Cours CyberSécurité - Infrastructures CritiquesFranck Franchin
 
Biometrics - Basics
Biometrics - BasicsBiometrics - Basics
Biometrics - BasicsFranck Franchin
 

Contenu connexe

Tendances

What does the Proposed EU General Data Protection Regulation (GDPR) mean for ...
What does the Proposed EU General Data Protection Regulation (GDPR) mean for ...What does the Proposed EU General Data Protection Regulation (GDPR) mean for ...
What does the Proposed EU General Data Protection Regulation (GDPR) mean for ...TrustArc
 
EU-US Privacy Shield - Safe Harbor Replacement
EU-US Privacy Shield - Safe Harbor ReplacementEU-US Privacy Shield - Safe Harbor Replacement
EU-US Privacy Shield - Safe Harbor ReplacementGACC_Midwest
 
ESET Quick Guide to the EU General Data Protection Regulation
ESET Quick Guide to the EU General Data Protection RegulationESET Quick Guide to the EU General Data Protection Regulation
ESET Quick Guide to the EU General Data Protection RegulationESET
 
The EU Data Protection Regulation - what you need to know
The EU Data Protection Regulation - what you need to knowThe EU Data Protection Regulation - what you need to know
The EU Data Protection Regulation - what you need to knowSophos Benelux
 
New Media Internet Expression and European Data Protection
New Media Internet Expression and European Data ProtectionNew Media Internet Expression and European Data Protection
New Media Internet Expression and European Data ProtectionDavid Erdos
 
Internet and eCommerce Law Review 2016
Internet and eCommerce Law Review 2016Internet and eCommerce Law Review 2016
Internet and eCommerce Law Review 2016Graham Smith
 
GDPR: More reasons for information security
GDPR: More reasons for information securityGDPR: More reasons for information security
GDPR: More reasons for information securityJisc
 
Privacy shield: What You Need To Know About Storing EU Data
Privacy shield: What You Need To Know About Storing EU DataPrivacy shield: What You Need To Know About Storing EU Data
Privacy shield: What You Need To Know About Storing EU DataSchellman & Company
 
EU General Data Protection Regulation
EU General Data Protection RegulationEU General Data Protection Regulation
EU General Data Protection RegulationRamiro Cid
 
BBW v UK - IP Act implications
BBW v UK - IP Act implicationsBBW v UK - IP Act implications
BBW v UK - IP Act implicationsGraham Smith
 
The Patriot Act and Cloud Security - Busting the European FUD
The Patriot Act and Cloud Security - Busting the European FUDThe Patriot Act and Cloud Security - Busting the European FUD
The Patriot Act and Cloud Security - Busting the European FUDResilient Systems
 
Cross Border Data Transfers and the Privacy Shield
Cross Border Data Transfers and the Privacy ShieldCross Border Data Transfers and the Privacy Shield
Cross Border Data Transfers and the Privacy ShieldParsons Behle & Latimer
 
Replacement standard contractual clauses
Replacement standard contractual clausesReplacement standard contractual clauses
Replacement standard contractual clausesBrian Miller, Solicitor
 
No Man is an Island: The Battle for Data Privacy
No Man is an Island: The Battle for Data PrivacyNo Man is an Island: The Battle for Data Privacy
No Man is an Island: The Battle for Data PrivacyKate Chan
 
Graham Smith - Internet and eCommerce Law Review 2017
Graham Smith - Internet and eCommerce Law Review 2017Graham Smith - Internet and eCommerce Law Review 2017
Graham Smith - Internet and eCommerce Law Review 2017Graham Smith
 
DP on both sides of the Atlantic - august 2015
DP on both sides of the Atlantic - august 2015DP on both sides of the Atlantic - august 2015
DP on both sides of the Atlantic - august 2015Saira Nayak, JD, CIPP/US/E
 
BVA (British Video Association)
BVA (British Video Association)BVA (British Video Association)
BVA (British Video Association)Andrew Urben
 

Tendances (19)

What does the Proposed EU General Data Protection Regulation (GDPR) mean for ...
What does the Proposed EU General Data Protection Regulation (GDPR) mean for ...What does the Proposed EU General Data Protection Regulation (GDPR) mean for ...
What does the Proposed EU General Data Protection Regulation (GDPR) mean for ...
 
EU-US Privacy Shield - Safe Harbor Replacement
EU-US Privacy Shield - Safe Harbor ReplacementEU-US Privacy Shield - Safe Harbor Replacement
EU-US Privacy Shield - Safe Harbor Replacement
 
ESET Quick Guide to the EU General Data Protection Regulation
ESET Quick Guide to the EU General Data Protection RegulationESET Quick Guide to the EU General Data Protection Regulation
ESET Quick Guide to the EU General Data Protection Regulation
 
Evertio Schrems II
Evertio Schrems IIEvertio Schrems II
Evertio Schrems II
 
The EU Data Protection Regulation - what you need to know
The EU Data Protection Regulation - what you need to knowThe EU Data Protection Regulation - what you need to know
The EU Data Protection Regulation - what you need to know
 
New Media Internet Expression and European Data Protection
New Media Internet Expression and European Data ProtectionNew Media Internet Expression and European Data Protection
New Media Internet Expression and European Data Protection
 
Internet and eCommerce Law Review 2016
Internet and eCommerce Law Review 2016Internet and eCommerce Law Review 2016
Internet and eCommerce Law Review 2016
 
GDPR: More reasons for information security
GDPR: More reasons for information securityGDPR: More reasons for information security
GDPR: More reasons for information security
 
Privacy shield: What You Need To Know About Storing EU Data
Privacy shield: What You Need To Know About Storing EU DataPrivacy shield: What You Need To Know About Storing EU Data
Privacy shield: What You Need To Know About Storing EU Data
 
EU General Data Protection Regulation
EU General Data Protection RegulationEU General Data Protection Regulation
EU General Data Protection Regulation
 
BBW v UK - IP Act implications
BBW v UK - IP Act implicationsBBW v UK - IP Act implications
BBW v UK - IP Act implications
 
The Patriot Act and Cloud Security - Busting the European FUD
The Patriot Act and Cloud Security - Busting the European FUDThe Patriot Act and Cloud Security - Busting the European FUD
The Patriot Act and Cloud Security - Busting the European FUD
 
Cross Border Data Transfers and the Privacy Shield
Cross Border Data Transfers and the Privacy ShieldCross Border Data Transfers and the Privacy Shield
Cross Border Data Transfers and the Privacy Shield
 
Replacement standard contractual clauses
Replacement standard contractual clausesReplacement standard contractual clauses
Replacement standard contractual clauses
 
No Man is an Island: The Battle for Data Privacy
No Man is an Island: The Battle for Data PrivacyNo Man is an Island: The Battle for Data Privacy
No Man is an Island: The Battle for Data Privacy
 
Graham Smith - Internet and eCommerce Law Review 2017
Graham Smith - Internet and eCommerce Law Review 2017Graham Smith - Internet and eCommerce Law Review 2017
Graham Smith - Internet and eCommerce Law Review 2017
 
DP on both sides of the Atlantic - august 2015
DP on both sides of the Atlantic - august 2015DP on both sides of the Atlantic - august 2015
DP on both sides of the Atlantic - august 2015
 
BVA (British Video Association)
BVA (British Video Association)BVA (British Video Association)
BVA (British Video Association)
 
Cyber Crime
Cyber CrimeCyber Crime
Cyber Crime
 

En vedette

Cloud & Privacy - Lecture at University Paris Sud - March 18th, 2013
Cloud & Privacy - Lecture at University Paris Sud - March 18th, 2013Cloud & Privacy - Lecture at University Paris Sud - March 18th, 2013
Cloud & Privacy - Lecture at University Paris Sud - March 18th, 2013Franck Franchin
 
Cours CyberSécurité - Infrastructures Critiques
Cours CyberSécurité - Infrastructures CritiquesCours CyberSécurité - Infrastructures Critiques
Cours CyberSécurité - Infrastructures CritiquesFranck Franchin
 
Cours CyberSécurité - CyberGuerre & CyberTerrorisme
Cours CyberSécurité - CyberGuerre & CyberTerrorismeCours CyberSécurité - CyberGuerre & CyberTerrorisme
Cours CyberSécurité - CyberGuerre & CyberTerrorismeFranck Franchin
 
Algorithme de chiffrement RC4, A5/1 & A5/2
Algorithme de chiffrement RC4, A5/1 & A5/2Algorithme de chiffrement RC4, A5/1 & A5/2
Algorithme de chiffrement RC4, A5/1 & A5/2Max Benana
 
Cours CyberSécurité - Concepts Clés
Cours CyberSécurité - Concepts ClésCours CyberSécurité - Concepts Clés
Cours CyberSécurité - Concepts ClésFranck Franchin
 
Sécurité des systèmes d'information
Sécurité des systèmes d'informationSécurité des systèmes d'information
Sécurité des systèmes d'informationFranck Franchin
 

En vedette (8)

Cloud & Privacy - Lecture at University Paris Sud - March 18th, 2013
Cloud & Privacy - Lecture at University Paris Sud - March 18th, 2013Cloud & Privacy - Lecture at University Paris Sud - March 18th, 2013
Cloud & Privacy - Lecture at University Paris Sud - March 18th, 2013
 
Cours CyberSécurité - Infrastructures Critiques
Cours CyberSécurité - Infrastructures CritiquesCours CyberSécurité - Infrastructures Critiques
Cours CyberSécurité - Infrastructures Critiques
 
Biometrics - Basics
Biometrics - BasicsBiometrics - Basics
Biometrics - Basics
 
Cours CyberSécurité - CyberGuerre & CyberTerrorisme
Cours CyberSécurité - CyberGuerre & CyberTerrorismeCours CyberSécurité - CyberGuerre & CyberTerrorisme
Cours CyberSécurité - CyberGuerre & CyberTerrorisme
 
Cryptographie quantique
Cryptographie quantiqueCryptographie quantique
Cryptographie quantique
 
Algorithme de chiffrement RC4, A5/1 & A5/2
Algorithme de chiffrement RC4, A5/1 & A5/2Algorithme de chiffrement RC4, A5/1 & A5/2
Algorithme de chiffrement RC4, A5/1 & A5/2
 
Cours CyberSécurité - Concepts Clés
Cours CyberSécurité - Concepts ClésCours CyberSécurité - Concepts Clés
Cours CyberSécurité - Concepts Clés
 
Sécurité des systèmes d'information
Sécurité des systèmes d'informationSécurité des systèmes d'information
Sécurité des systèmes d'information
 

Similaire à Privacy and Data Protection in the Cloud Era

ISACA Houston - How to de-classify data and rethink transfer of data between ...
ISACA Houston - How to de-classify data and rethink transfer of data between ...ISACA Houston - How to de-classify data and rethink transfer of data between ...
ISACA Houston - How to de-classify data and rethink transfer of data between ...Ulf Mattsson
 
httpsdigitalguardian.comblogsocial-engineering-attacks-common.docx
httpsdigitalguardian.comblogsocial-engineering-attacks-common.docxhttpsdigitalguardian.comblogsocial-engineering-attacks-common.docx
httpsdigitalguardian.comblogsocial-engineering-attacks-common.docxadampcarr67227
 
Cloud4eu - WhitePaper - OnChallengeofAcceptanceofCloudSolutionsinEUPublicSect...
Cloud4eu - WhitePaper - OnChallengeofAcceptanceofCloudSolutionsinEUPublicSect...Cloud4eu - WhitePaper - OnChallengeofAcceptanceofCloudSolutionsinEUPublicSect...
Cloud4eu - WhitePaper - OnChallengeofAcceptanceofCloudSolutionsinEUPublicSect...John Nas
 
Data_Privacy_Protection_brochure_UK
Data_Privacy_Protection_brochure_UKData_Privacy_Protection_brochure_UK
Data_Privacy_Protection_brochure_UKSally Hunt
 
Data Security and Privacy Under The Compliance Spotlight April 2014
Data Security and Privacy Under The Compliance Spotlight April 2014Data Security and Privacy Under The Compliance Spotlight April 2014
Data Security and Privacy Under The Compliance Spotlight April 2014Adriana Sanford
 
Companies, digital transformation and information privacy: the next steps
Companies, digital transformation and information privacy: the next stepsCompanies, digital transformation and information privacy: the next steps
Companies, digital transformation and information privacy: the next stepsThe Economist Media Businesses
 
The Evolution of Data Privacy - A Symantec Information Security Perspective o...
The Evolution of Data Privacy - A Symantec Information Security Perspective o...The Evolution of Data Privacy - A Symantec Information Security Perspective o...
The Evolution of Data Privacy - A Symantec Information Security Perspective o...Symantec
 
Blake Lapthorn's In-House Lawyer and Decision Maker's forum - 12 September 2013
Blake Lapthorn's In-House Lawyer and Decision Maker's forum - 12 September 2013Blake Lapthorn's In-House Lawyer and Decision Maker's forum - 12 September 2013
Blake Lapthorn's In-House Lawyer and Decision Maker's forum - 12 September 2013Blake Morgan
 
Blake lapthorn In House Lawyer forum - 11 Sept 2012
Blake lapthorn In House Lawyer forum - 11 Sept 2012Blake lapthorn In House Lawyer forum - 11 Sept 2012
Blake lapthorn In House Lawyer forum - 11 Sept 2012Blake Morgan
 
Communications Privacy and the State
Communications Privacy and the StateCommunications Privacy and the State
Communications Privacy and the StateGraham Smith
 
What is GDPR?
What is GDPR?What is GDPR?
What is GDPR?Faidepro
 
PECB Webinar: The End of Safe Harbour! What happens Next?
PECB Webinar: The End of Safe Harbour! What happens Next?PECB Webinar: The End of Safe Harbour! What happens Next?
PECB Webinar: The End of Safe Harbour! What happens Next?PECB
 
Data Security Law and Management.pdf
Data Security Law and Management.pdfData Security Law and Management.pdf
Data Security Law and Management.pdfMeshalALshammari12
 
香港六合彩 » SlideShare
香港六合彩 » SlideShare香港六合彩 » SlideShare
香港六合彩 » SlideShareyvtmnvul
 
香港六合彩 » SlideShare
香港六合彩 » SlideShare香港六合彩 » SlideShare
香港六合彩 » SlideSharepqkiykra
 
香港六合彩
香港六合彩香港六合彩
香港六合彩pchgmf
 
General data protection regulation - European union
General data protection regulation - European unionGeneral data protection regulation - European union
General data protection regulation - European unionRohana K Amarakoon
 

Similaire à Privacy and Data Protection in the Cloud Era (20)

ISACA Houston - How to de-classify data and rethink transfer of data between ...
ISACA Houston - How to de-classify data and rethink transfer of data between ...ISACA Houston - How to de-classify data and rethink transfer of data between ...
ISACA Houston - How to de-classify data and rethink transfer of data between ...
 
httpsdigitalguardian.comblogsocial-engineering-attacks-common.docx
httpsdigitalguardian.comblogsocial-engineering-attacks-common.docxhttpsdigitalguardian.comblogsocial-engineering-attacks-common.docx
httpsdigitalguardian.comblogsocial-engineering-attacks-common.docx
 
Cloud4eu - WhitePaper - OnChallengeofAcceptanceofCloudSolutionsinEUPublicSect...
Cloud4eu - WhitePaper - OnChallengeofAcceptanceofCloudSolutionsinEUPublicSect...Cloud4eu - WhitePaper - OnChallengeofAcceptanceofCloudSolutionsinEUPublicSect...
Cloud4eu - WhitePaper - OnChallengeofAcceptanceofCloudSolutionsinEUPublicSect...
 
Data_Privacy_Protection_brochure_UK
Data_Privacy_Protection_brochure_UKData_Privacy_Protection_brochure_UK
Data_Privacy_Protection_brochure_UK
 
[REPORT PREVIEW] GDPR Beyond May 25, 2018
[REPORT PREVIEW] GDPR Beyond May 25, 2018[REPORT PREVIEW] GDPR Beyond May 25, 2018
[REPORT PREVIEW] GDPR Beyond May 25, 2018
 
Data Security and Privacy Under The Compliance Spotlight April 2014
Data Security and Privacy Under The Compliance Spotlight April 2014Data Security and Privacy Under The Compliance Spotlight April 2014
Data Security and Privacy Under The Compliance Spotlight April 2014
 
Companies, digital transformation and information privacy: the next steps
Companies, digital transformation and information privacy: the next stepsCompanies, digital transformation and information privacy: the next steps
Companies, digital transformation and information privacy: the next steps
 
The Evolution of Data Privacy - A Symantec Information Security Perspective o...
The Evolution of Data Privacy - A Symantec Information Security Perspective o...The Evolution of Data Privacy - A Symantec Information Security Perspective o...
The Evolution of Data Privacy - A Symantec Information Security Perspective o...
 
Blake Lapthorn's In-House Lawyer and Decision Maker's forum - 12 September 2013
Blake Lapthorn's In-House Lawyer and Decision Maker's forum - 12 September 2013Blake Lapthorn's In-House Lawyer and Decision Maker's forum - 12 September 2013
Blake Lapthorn's In-House Lawyer and Decision Maker's forum - 12 September 2013
 
Blake lapthorn In House Lawyer forum - 11 Sept 2012
Blake lapthorn In House Lawyer forum - 11 Sept 2012Blake lapthorn In House Lawyer forum - 11 Sept 2012
Blake lapthorn In House Lawyer forum - 11 Sept 2012
 
Communications Privacy and the State
Communications Privacy and the StateCommunications Privacy and the State
Communications Privacy and the State
 
What is GDPR?
What is GDPR?What is GDPR?
What is GDPR?
 
PECB Webinar: The End of Safe Harbour! What happens Next?
PECB Webinar: The End of Safe Harbour! What happens Next?PECB Webinar: The End of Safe Harbour! What happens Next?
PECB Webinar: The End of Safe Harbour! What happens Next?
 
EU data protection issues in IoT
EU data protection issues in IoTEU data protection issues in IoT
EU data protection issues in IoT
 
Data Security Law and Management.pdf
Data Security Law and Management.pdfData Security Law and Management.pdf
Data Security Law and Management.pdf
 
香港六合彩 » SlideShare
香港六合彩 » SlideShare香港六合彩 » SlideShare
香港六合彩 » SlideShare
 
香港六合彩 » SlideShare
香港六合彩 » SlideShare香港六合彩 » SlideShare
香港六合彩 » SlideShare
 
香港六合彩
香港六合彩香港六合彩
香港六合彩
 
GDPR - Applift firstscreen june 2016
GDPR - Applift firstscreen june 2016GDPR - Applift firstscreen june 2016
GDPR - Applift firstscreen june 2016
 
General data protection regulation - European union
General data protection regulation - European unionGeneral data protection regulation - European union
General data protection regulation - European union
 

Dernier

Q4 English4 Week3 PPT Melcnmg-based.pptx
Q4 English4 Week3 PPT Melcnmg-based.pptxQ4 English4 Week3 PPT Melcnmg-based.pptx
Q4 English4 Week3 PPT Melcnmg-based.pptxnelietumpap1
 
HỌC TỐT TIẾNG ANH 11 THEO CHƯƠNG TRÌNH GLOBAL SUCCESS ĐÁP ÁN CHI TIẾT - CẢ NĂ...
HỌC TỐT TIẾNG ANH 11 THEO CHƯƠNG TRÌNH GLOBAL SUCCESS ĐÁP ÁN CHI TIẾT - CẢ NĂ...HỌC TỐT TIẾNG ANH 11 THEO CHƯƠNG TRÌNH GLOBAL SUCCESS ĐÁP ÁN CHI TIẾT - CẢ NĂ...
HỌC TỐT TIẾNG ANH 11 THEO CHƯƠNG TRÌNH GLOBAL SUCCESS ĐÁP ÁN CHI TIẾT - CẢ NĂ...Nguyen Thanh Tu Collection
 
How to Add Barcode on PDF Report in Odoo 17
How to Add Barcode on PDF Report in Odoo 17How to Add Barcode on PDF Report in Odoo 17
How to Add Barcode on PDF Report in Odoo 17Celine George
 
Procuring digital preservation CAN be quick and painless with our new dynamic...
Procuring digital preservation CAN be quick and painless with our new dynamic...Procuring digital preservation CAN be quick and painless with our new dynamic...
Procuring digital preservation CAN be quick and painless with our new dynamic...Jisc
 
Barangay Council for the Protection of Children (BCPC) Orientation.pptx
Barangay Council for the Protection of Children (BCPC) Orientation.pptxBarangay Council for the Protection of Children (BCPC) Orientation.pptx
Barangay Council for the Protection of Children (BCPC) Orientation.pptxCarlos105
 
Influencing policy (training slides from Fast Track Impact)
Influencing policy (training slides from Fast Track Impact)Influencing policy (training slides from Fast Track Impact)
Influencing policy (training slides from Fast Track Impact)Mark Reed
 
ENGLISH 7_Q4_LESSON 2_ Employing a Variety of Strategies for Effective Interp...
ENGLISH 7_Q4_LESSON 2_ Employing a Variety of Strategies for Effective Interp...ENGLISH 7_Q4_LESSON 2_ Employing a Variety of Strategies for Effective Interp...
ENGLISH 7_Q4_LESSON 2_ Employing a Variety of Strategies for Effective Interp...JhezDiaz1
 
Choosing the Right CBSE School A Comprehensive Guide for Parents
Choosing the Right CBSE School A Comprehensive Guide for ParentsChoosing the Right CBSE School A Comprehensive Guide for Parents
Choosing the Right CBSE School A Comprehensive Guide for Parentsnavabharathschool99
 
Grade 9 Q4-MELC1-Active and Passive Voice.pptx
Grade 9 Q4-MELC1-Active and Passive Voice.pptxGrade 9 Q4-MELC1-Active and Passive Voice.pptx
Grade 9 Q4-MELC1-Active and Passive Voice.pptxChelloAnnAsuncion2
 
Incoming and Outgoing Shipments in 3 STEPS Using Odoo 17
Incoming and Outgoing Shipments in 3 STEPS Using Odoo 17Incoming and Outgoing Shipments in 3 STEPS Using Odoo 17
Incoming and Outgoing Shipments in 3 STEPS Using Odoo 17Celine George
 
INTRODUCTION TO CATHOLIC CHRISTOLOGY.pptx
INTRODUCTION TO CATHOLIC CHRISTOLOGY.pptxINTRODUCTION TO CATHOLIC CHRISTOLOGY.pptx
INTRODUCTION TO CATHOLIC CHRISTOLOGY.pptxHumphrey A Beña
 
ISYU TUNGKOL SA SEKSWLADIDA (ISSUE ABOUT SEXUALITY
ISYU TUNGKOL SA SEKSWLADIDA (ISSUE ABOUT SEXUALITYISYU TUNGKOL SA SEKSWLADIDA (ISSUE ABOUT SEXUALITY
ISYU TUNGKOL SA SEKSWLADIDA (ISSUE ABOUT SEXUALITYKayeClaireEstoconing
 
Difference Between Search & Browse Methods in Odoo 17
Difference Between Search & Browse Methods in Odoo 17Difference Between Search & Browse Methods in Odoo 17
Difference Between Search & Browse Methods in Odoo 17Celine George
 
What is Model Inheritance in Odoo 17 ERP
What is Model Inheritance in Odoo 17 ERPWhat is Model Inheritance in Odoo 17 ERP
What is Model Inheritance in Odoo 17 ERPCeline George
 
USPS® Forced Meter Migration - How to Know if Your Postage Meter Will Soon be...
USPS® Forced Meter Migration - How to Know if Your Postage Meter Will Soon be...USPS® Forced Meter Migration - How to Know if Your Postage Meter Will Soon be...
USPS® Forced Meter Migration - How to Know if Your Postage Meter Will Soon be...Postal Advocate Inc.
 

Dernier (20)

Q4 English4 Week3 PPT Melcnmg-based.pptx
Q4 English4 Week3 PPT Melcnmg-based.pptxQ4 English4 Week3 PPT Melcnmg-based.pptx
Q4 English4 Week3 PPT Melcnmg-based.pptx
 
HỌC TỐT TIẾNG ANH 11 THEO CHƯƠNG TRÌNH GLOBAL SUCCESS ĐÁP ÁN CHI TIẾT - CẢ NĂ...
HỌC TỐT TIẾNG ANH 11 THEO CHƯƠNG TRÌNH GLOBAL SUCCESS ĐÁP ÁN CHI TIẾT - CẢ NĂ...HỌC TỐT TIẾNG ANH 11 THEO CHƯƠNG TRÌNH GLOBAL SUCCESS ĐÁP ÁN CHI TIẾT - CẢ NĂ...
HỌC TỐT TIẾNG ANH 11 THEO CHƯƠNG TRÌNH GLOBAL SUCCESS ĐÁP ÁN CHI TIẾT - CẢ NĂ...
 
How to Add Barcode on PDF Report in Odoo 17
How to Add Barcode on PDF Report in Odoo 17How to Add Barcode on PDF Report in Odoo 17
How to Add Barcode on PDF Report in Odoo 17
 
Procuring digital preservation CAN be quick and painless with our new dynamic...
Procuring digital preservation CAN be quick and painless with our new dynamic...Procuring digital preservation CAN be quick and painless with our new dynamic...
Procuring digital preservation CAN be quick and painless with our new dynamic...
 
Raw materials used in Herbal Cosmetics.pptx
Raw materials used in Herbal Cosmetics.pptxRaw materials used in Herbal Cosmetics.pptx
Raw materials used in Herbal Cosmetics.pptx
 
Barangay Council for the Protection of Children (BCPC) Orientation.pptx
Barangay Council for the Protection of Children (BCPC) Orientation.pptxBarangay Council for the Protection of Children (BCPC) Orientation.pptx
Barangay Council for the Protection of Children (BCPC) Orientation.pptx
 
OS-operating systems- ch04 (Threads) ...
OS-operating systems- ch04 (Threads) ...OS-operating systems- ch04 (Threads) ...
OS-operating systems- ch04 (Threads) ...
 
Influencing policy (training slides from Fast Track Impact)
Influencing policy (training slides from Fast Track Impact)Influencing policy (training slides from Fast Track Impact)
Influencing policy (training slides from Fast Track Impact)
 
ENGLISH 7_Q4_LESSON 2_ Employing a Variety of Strategies for Effective Interp...
ENGLISH 7_Q4_LESSON 2_ Employing a Variety of Strategies for Effective Interp...ENGLISH 7_Q4_LESSON 2_ Employing a Variety of Strategies for Effective Interp...
ENGLISH 7_Q4_LESSON 2_ Employing a Variety of Strategies for Effective Interp...
 
Choosing the Right CBSE School A Comprehensive Guide for Parents
Choosing the Right CBSE School A Comprehensive Guide for ParentsChoosing the Right CBSE School A Comprehensive Guide for Parents
Choosing the Right CBSE School A Comprehensive Guide for Parents
 
Grade 9 Q4-MELC1-Active and Passive Voice.pptx
Grade 9 Q4-MELC1-Active and Passive Voice.pptxGrade 9 Q4-MELC1-Active and Passive Voice.pptx
Grade 9 Q4-MELC1-Active and Passive Voice.pptx
 
Incoming and Outgoing Shipments in 3 STEPS Using Odoo 17
Incoming and Outgoing Shipments in 3 STEPS Using Odoo 17Incoming and Outgoing Shipments in 3 STEPS Using Odoo 17
Incoming and Outgoing Shipments in 3 STEPS Using Odoo 17
 
YOUVE GOT EMAIL_FINALS_EL_DORADO_2024.pptx
YOUVE GOT EMAIL_FINALS_EL_DORADO_2024.pptxYOUVE GOT EMAIL_FINALS_EL_DORADO_2024.pptx
YOUVE GOT EMAIL_FINALS_EL_DORADO_2024.pptx
 
Model Call Girl in Tilak Nagar Delhi reach out to us at 🔝9953056974🔝
Model Call Girl in Tilak Nagar Delhi reach out to us at 🔝9953056974🔝Model Call Girl in Tilak Nagar Delhi reach out to us at 🔝9953056974🔝
Model Call Girl in Tilak Nagar Delhi reach out to us at 🔝9953056974🔝
 
INTRODUCTION TO CATHOLIC CHRISTOLOGY.pptx
INTRODUCTION TO CATHOLIC CHRISTOLOGY.pptxINTRODUCTION TO CATHOLIC CHRISTOLOGY.pptx
INTRODUCTION TO CATHOLIC CHRISTOLOGY.pptx
 
ISYU TUNGKOL SA SEKSWLADIDA (ISSUE ABOUT SEXUALITY
ISYU TUNGKOL SA SEKSWLADIDA (ISSUE ABOUT SEXUALITYISYU TUNGKOL SA SEKSWLADIDA (ISSUE ABOUT SEXUALITY
ISYU TUNGKOL SA SEKSWLADIDA (ISSUE ABOUT SEXUALITY
 
Difference Between Search & Browse Methods in Odoo 17
Difference Between Search & Browse Methods in Odoo 17Difference Between Search & Browse Methods in Odoo 17
Difference Between Search & Browse Methods in Odoo 17
 
FINALS_OF_LEFT_ON_C'N_EL_DORADO_2024.pptx
FINALS_OF_LEFT_ON_C'N_EL_DORADO_2024.pptxFINALS_OF_LEFT_ON_C'N_EL_DORADO_2024.pptx
FINALS_OF_LEFT_ON_C'N_EL_DORADO_2024.pptx
 
What is Model Inheritance in Odoo 17 ERP
What is Model Inheritance in Odoo 17 ERPWhat is Model Inheritance in Odoo 17 ERP
What is Model Inheritance in Odoo 17 ERP
 
USPS® Forced Meter Migration - How to Know if Your Postage Meter Will Soon be...
USPS® Forced Meter Migration - How to Know if Your Postage Meter Will Soon be...USPS® Forced Meter Migration - How to Know if Your Postage Meter Will Soon be...
USPS® Forced Meter Migration - How to Know if Your Postage Meter Will Soon be...
 

Privacy and Data Protection in the Cloud Era

  • 2. Master Droit - Franck Franchin - © 2013 2 “Asking Google to educate consumers about privacy is like asking the fox to teach the chickens how to ensure the security of their coop” Consumer Watchdog, March 2013
  • 3. Master Droit - Franck Franchin - © 2013  Search – Yahoo or Google keep your data for 18 months !  Webmail – Google goes through every word of every Gmail that’s sent or received to sell targeted ads.  Google Docs  Street View (Wifi traffic and pwd scans… hum ?)  Conference Management Systems - very used in academic research community with document sharing (papers, reviews, patent drafts) FREE SERVICE DOES NOT EXIST ! 3
  • 4. Master Droit - Franck Franchin - © 2013  The Foreign Intelligence Surveillance Act of 1978 prescribes procedures for requesting judicial authorization for electronic surveillance and physical search of persons engaged in espionage or international terrorism against the United States on behalf of a foreign power.  The Stored Communications Act of 1986 is a law that addresses voluntary and compelled disclosure of "stored wire and electronic communications and transactional records" held by third- party internet service providers (ISPs)  Patriot Act - Signed by President George W. Bush on October 26, 200, renew by President Bush on March 9, 2006  The Foreign Intelligence Surveillance Act Amendment Act (FISAA - 2008) allows US authorities to spy on cloud data that includes Amazon Cloud Drive, Apple iCloud and Google Drive. 4
  • 5. Master Droit - Franck Franchin - © 2013  The US law allows American agencies to access all private information stored with firms within Washington’s jurisdiction, without a warrant, if the information is felt to be in the US interests.  That means any company with a presence in the US and regardless of where the data is stored or the existence of any conflicting obligations under the laws where the data is located  Some US-based cloud services and hosting companies might not be able to comply with the EDPD : customers whose private data should have been disclosed under FISA won’t be always notified (which is not compliant with EC directives) 5
  • 6. Master Droit - Franck Franchin - © 2013  The famous 95/46/EC Directive  The European Data Protection Directive requires companies to inform users when they disclose personal information  There are clauses in the Directive that allow data to be stored outside of the EU  Evolution in progress since 2012 ; but strong lobbying against data breach notification enforcement and data aggregation processing restrictions 6
  • 7. Master Droit - Franck Franchin - © 2013  The U.S.-EU Safe Harbor Framework provides guidance for U.S. organizations on how to provide adequate protection for personal data from the EU as required by the European Union's Directive on Data Protection.  Participation is voluntary  Based on principles agreed by Directive 95/46 (October, 1995)  Five major points : ◦ Data owner has been informed of data processing and transfer ◦ Data owner can revoke the rights he granted. ◦ Explicit agreement ◦ Access and change right (aka droit d’accès et de rectification) ◦ Data security (confidentiality, integrity, availability) 7
  • 8. Master Droit - Franck Franchin - © 2013  Payment card security standards body PCI Security Standards Council (PCI SSC) has released new guidance for merchants using cloud-based systems for customer payment data  “Many merchants mistakenly believe that if they outsource everything to a cloud service provider, much of of the responsibility goes away for being PCI compliant – unfortunately, that’s simply not the case,” Bob Russo, general manager at the PCI Security Standards Council “A merchant needs to ensure that a cloud services provider is PCI-compliant not just for its own piece, but for the entire spectrum, including what that provider is specifically doing for the merchant.” 8
  • 9. Master Droit - Franck Franchin - © 2013  TFTP (Terrorist Financing Tracking System)/SWIFT (28 Juin 2010)  Europol in charge of  Audit conducted by Europol in Nov 2010, with warning report issued in March 2011  Too generic requests are made by US (Dpt of Treasury) but acknowledged by Europol  So generic, it’s impossible to confirm these requests are compliant with European Data Protection Directives 9
  • 10. Master Droit - Franck Franchin - © 2013  Nova Scotia Case - As part of a criminal prosecution in US, the Court requested that the US subsidiary disclosed documents stored in Cayman Islands.  Valetta Case – Australian subsidiary of this Maltin bank was summoned by australian Court to disclose documents stored in Malta 10