Jan 212012

Various recent news:

Dec 102011

From ZDNet, reports that the Dutch government is avoiding doing business with US cloud providers out of concern that the USA PATRIOT Act could make any data it stores subject to disclosure, in possible contravention of European data protection law.

Discussed by the European Parliament’s Privacy Platform earlier this month, the Patriot Act is being investigated by European authorities, after Gordon Frazer, managing director of Microsoft UK, exclusively told ZDNet that the Redmond-based company must comply with Patriot Act requests, and other companies with a U.S. presence must do also.

This contravenes European law, which states that organisations cannot pass on user data to a third-party outside the European zone without the users’ permission.

In a written answer to a parliamentary question, Dutch minister Ivo Opstelten asserted that, in response to previous questions (Dutch): “This basically means that companies from the United States in such bids and contracts are excluded.”

Dec 052011

Per the Financial Times, the European Union is working on measures allowing for fines of up to 5% of a company’s global turnover should it leak customer data.

The proposals would bolster significantly the EU’s powers on combating data protection breaches, such as when companies sell customer data to third parties without authorisation or fail to adequately protect information held by social networks and “cloud computing” services.

Companies would have 24 hours to notify data protection authorities and the effected parties in cases where private data are compromised, as happened this year when the details of 77m Sony PlayStation accounts were hacked.

By ensuring the rules also apply to foreign groups’ European subsidiaries, the new rules will force global companies to strengthen their data policies.

The article mentions, but not does not discuss in further detail, that measures covering the “right to be forgotten” are included in these proposals, which are expected to take two years to be finalized and then be approved by member states, whom, the article notes, may not be eager to cede jurisdiction on privacy matters to the EU.