The likely demise of the US Safe Harbor is dominating the data news headlines - but what else is happening in the world of data and cyber regulation? Datonomy provides a round up of other recent developments in Europe and Asia.
With contributions from Andreas Splittgerber and Christian Leuthner in Germany, Sofia Fontanals in Spain and Matthew Hunter, Daniel Jung and Aisling O’Dwyer in Asia, in this update we cover:
EU POLICY AND REGULATION
- EU policy and regulation including latest news from Brussels on the GDPR and NISD
- GDPR and NISD: Commission President Junker has yet again affirmed the “swift adoption” of the GDPR and NISD as priorities in this open letter of 9 September to the European Parliament. Below we take a more detailed look at the recent procedural progress of these two (not-so-swift) proposals.
The latest round up of legal, regulatory and other news from the Datonomy blogging team at Olswang LLP.
With thanks to: Christian Leuthner in Munich, Aisling O’Dwyer and Matt Hunter in Singapore, and Callum Monro-Morrison in London for their contributions to this week’s alert.
EU POLICY AND REGULATION
- Datonomy’s correspondent in Munich, Christian Leuthner has tweeted, that Germany’s IT Security Act came into force on 25 July. See his more detailed coverage of the new Act here
- Network and Information Security Directive: A glimmer of progress on the EU’s draft NISD in the past week, with the mention on the Council’s Consilium website of a Council document “Drafting suggestions on operators providing essential services”. As Datonomy readers will be aware, one of the sticking points on the Directive has been the extent to which online services should be caught by the new rules. At the end of … Continue Reading ››
Last month, Korea passed the world's first cloud-specific law, with the stated aim of driving the adoption of cloud computing in Korea. But what are the practical implications for cloud customers and cloud services providers in Korea?
When does it come into force?
On 3 March 2015, the Korean National Assembly passed the Act on the Development of Cloud Computing and Protection of Users (Cloud Act
). The bill has been under consideration since October 2013. The final version of the Cloud Act is available here
(currently only available in Korean).
The Cloud Act comes into force on 28th
September this year. Before the Cloud Act comes into force, the Ministry of Science, ICT and Future Planning (Ministry
) will establish additional rules for cloud services (as explained below).
What will it do?
The good news for cloud customers and cloud services providers alike is that the Cloud Act aims to promote
the cloud market in Korea.
The … Continue Reading ››
Last year on this blog
we reported on the newly-published ISO 27018 - the first global security standard for cloud services.
Earlier this year
, we compared ISO 27018 with Singapore’s data protection laws (and others) and showed that ISO 27018 will help cloud customers to comply with these laws when using public cloud services.
This month, we blogged
on the latest market developments and noted that ISO 27018 is becoming the “go to” standard to help cloud customers to comply with their privacy obligations when using public cloud services. Cloud customers, CSPs and regulators are using (and benefiting from) this new useful standard around the world. We expect this to continue as more companies (and more personal data) move to the public cloud services.
With thanks to Matthew Hunter, Olswang Associate in the Singapore office, for his contribution to this article.
The Singapore Government has set up The Cyber Security Agency (CSA) of Singapore
which is to be operational from 1 April 2015. The CSA will be formed under the Prime Minister's Office and will oversee cybersecurity strategy, education and outreach, and industry development.
The CSA will replace the functions of the Singapore Infocomm Technology Security Authority (SITSA) which has been monitoring ten sectors including power, transport and telecommunications, as well as taking over some roles of the Infocomm Development Authority (IDA), such as the Singapore Computer Emergency Response Team.
Minister for Communications and Information, Yaacob Ibrahim, will be appointed as the Minister-in-Charge of Cyber Security and David Koh, deputy secretary for technology at the Ministry of Defence will be chief executive of the CSA.
According to the Singapore Government’s publication
, the CSA will bring together and develop the government’s security capabilities currently existing under the Ministry of Home Affairs (MHA) and … Continue Reading ››
Datonomy’s correspondents in Asia take an in-depth look at the new ISO 27018 and evaluate how it can help cloud customers meet the requirements of Singapore’s new Personal Data Protection Act.
Back in September I blogged
on the then newly-published ISO 27018, the first global security standard specifically applying to cloud services. In this recent post
my colleague Daniel Jung and I take an in-depth look at how the new ISO measures up to Singapore’s new PDPA.
The article will also be of wider interest to cloud customers and cloud providers as it considers the various ways a cloud provider can demonstrate compliance with the new standard. To read the post, please visit Datonomy’s sister blog Watching The Connectives at this link
With cyber-security tipped as one of the top tech trends for 2014 a lot has already been written about the controversial data security breach proposals in Europe. But what is happening elsewhere in the world? We hear from one of Datonomy’s Asia correspondents, Olswang Partner Elle Todd
Datonomy was pleased to lead a discussion and mock cyber security breach scenario alongside the local chapter of the IAPP
in Singapore last week where such issues are gaining a lot of attention and interest.
The engaging session, attended by a variety of practitioners, followed the unfortunate exploits of a fictitious international e-commerce company faced with an anonymous threat from an individual claiming that they had managed to obtain the customer database and would release it to the blogosphere. As the morning unfolded, more facts and problems emerged for the company and the audience discussed how best to respond to the potential disaster from … Continue Reading ››