Ecco gli argomenti trattati. Testo in pdf di 27 pagine, in inglese.
- Executive Summary
- 1. Introduction
- 2. Data protection risks of cloud computing
- 3. Legal framework
- 3.1 Data protection framework
- 3.2 Applicable law
- 3.3 Duties and responsibilitie s of different players
- 3.3.1 Cloud client and cloud provider
- 3.3.2 Subcontractors
- 3.4 Data protection requirements in the client-provider relationship
- 3.4.1 Compliance with basic principles
- 3.4.1.1 Tran sparency
- 3.4.1.2 Purpose specifica tion and lim itation
- 3.4.1.3 Erasur e of data
- 3.4.2 Contractual safeguards of the “controller”-“processor” relationship(s) .
- 3.4.3 Technical and organisational measures of data protection and data security .
- 3.4.3.1 Avai lability
- 3.4.3.2 In tegrity
- 3.4.3.3 Confid entiality
- 3.4.3.4 Tran sparency
- 3.4.3.5 Isolation (purpose limitation)
- 3.4.3.5 Intervenability
- 3.4.3.6 Port ability
- 3.4.4.7 Accountability
- 3.5 International transfers
- 3.5.1 Safe Harbor and adequate countries
- 3.5.2 Exem ptions
- 3.5.3 Standard contractual clauses
- 3.5.4 BCR: towards a global approach
- 4. Conclusions and recommendations
- 4.1 Guidelines for clients and providers of cloud computing services
- 4.2 Third Party Data Protection Certifications
- 4.3 Recommendations: Future Developments
- ANNEX
- a) Rollout models
- b) Service provision models