On 14 July 2016, the US Court of Appeals for the Second Circuit ruled that Microsoft cannot be forced by US law enforcement to hand over customer emails stored in its Ireland data centre. At stake were fundamental questions about privacy in the cloud. The decision has been hailed by the technology sector and privacy campaigners around the world as a global milestone for the advancement of laws balancing the legitimate interests of law enforcement and individuals' right to privacy. But what does a US Court decision about data on a server in Ireland mean for cloud in Asia? In this post, we look at the Court's decision and why it is good news for the whole cloud ecosystem in Asia. What was the case about? The case centred on a warrant issued by US law enforcement in a narcotics case. The warrant required Microsoft to hand over emails that were stored … Continue Reading ››
In what's turned out to be a great week for US privacy developments, hot on the heels of the Privacy Shield announcement, yesterday, 14 July, the 2nd US Circuit Court of Appeals gave its anxiously awaited judgment in the Microsoft search warrant saga. The case centred on a warrant in a US narcotics case requiring Microsoft to hand over emails that were stored on a Microsoft server in Dublin. After Microsoft refused, a District Court in Manhattan held in 2014 that Microsoft was compelled to hand the emails over. Microsoft appealed. At stake of course was not just some emails, but fundamental questions concerning the extent to which one country can extend its long arm of the law into another jurisdiction and the individual's rights to privacy and protection under their own domestic laws. No wonder then that this case quickly became a cause celebre not only for privacy … Continue Reading ››
The likely demise of the US Safe Harbor is dominating the data news headlines - but what else is happening in the world of data and cyber regulation? Datonomy provides a round up of other recent developments in Europe and Asia. With contributions from Andreas Splittgerber and Christian Leuthner in Germany, Sofia Fontanals in Spain and Matthew Hunter, Daniel Jung and Aisling O’Dwyer in Asia, in this update we cover:
- EU policy and regulation including latest news from Brussels on the GDPR and NISD
- News from the UK
- News from Germany
- News from Spain
- News from Asia
- GDPR and NISD: Commission President Junker has yet again affirmed the “swift adoption” of the GDPR and NISD as priorities in this open letter of 9 September to the European Parliament. Below we take a more detailed look at the recent procedural progress of these two (not-so-swift) proposals.
- ECJ’s Safe Harbor decision expected 6 October: Not long … Continue Reading ››
The latest round up of regulatory news from the Datonomy blogging team at Olswang LLP. Reports and statistics The Ponemon institute has published its 10th annual benchmarking study into the Cost of Data Breach for the US. Headline statistics, which drew on a sample of 62 US companies in 16 sectors, include the following:
- $6.5m is the average total cost of data breach
- 11% increase in total cost compared to last year
- $217 is the average cost per lost or stolen record (up 8%)
- Malicious or criminal attacks continue to be the primary cause of breach, and these were also the most costly breaches.
Following a short Easter break, the Datonomy blogging team at Olswang LLP is back with the latest round up of legal and regulatory developments and other news on cybersecurity. UK policy and regulatory developments
- With a pre-election freeze on government policy announcements, let’s look instead at what the major parties are saying about cybersecurity. On 11 April the Lib Dems announced they would introduce a Digital Rights Bill if elected, and launched an online consultation seeking voters’ views on what this should include. The proposed Bill would enshrine individuals’ digital rights in one comprehensive piece of legislation. The eleven “big ideas” are set out in this document and include privacy, data protection, control of user content, consumer rights, freedom of speech, open data and surveillance. Cybersecurity features as part of Big Idea Number 9: Encryption. The manifesto calls for individuals, businesses and public bodies to have the right to use strong encryption, … Continue Reading ››
Last month, Korea passed the world's first cloud-specific law, with the stated aim of driving the adoption of cloud computing in Korea. But what are the practical implications for cloud customers and cloud services providers in Korea? When does it come into force? On 3 March 2015, the Korean National Assembly passed the Act on the Development of Cloud Computing and Protection of Users (Cloud Act). The bill has been under consideration since October 2013. The final version of the Cloud Act is available here (currently only available in Korean). The Cloud Act comes into force on 28th September this year. Before the Cloud Act comes into force, the Ministry of Science, ICT and Future Planning (Ministry) will establish additional rules for cloud services (as explained below). What will it do? The good news for cloud customers and cloud services providers alike is that the Cloud Act aims to promote the cloud market in Korea. The … Continue Reading ››
Last year on this blog we reported on the newly-published ISO 27018 - the first global security standard for cloud services. Earlier this year, we compared ISO 27018 with Singapore’s data protection laws (and others) and showed that ISO 27018 will help cloud customers to comply with these laws when using public cloud services. This month, we blogged on the latest market developments and noted that ISO 27018 is becoming the “go to” standard to help cloud customers to comply with their privacy obligations when using public cloud services. Cloud customers, CSPs and regulators are using (and benefiting from) this new useful standard around the world. We expect this to continue as more companies (and more personal data) move to the public cloud services. With thanks to Matthew Hunter, Olswang Associate in the Singapore office, for his contribution to this article.