On 14 July 2016, the US Court of Appeals for the Second Circuit ruled that Microsoft cannot be forced by US law enforcement to hand over customer emails stored in its Ireland data centre. At stake were fundamental questions about privacy in the cloud. The decision has been hailed by the technology sector and privacy campaigners around the world as a global milestone for the advancement of laws balancing the legitimate interests of law enforcement and individuals' right to privacy. But what does a US Court decision about data on a server in Ireland mean for cloud in Asia? In this post, we look at the Court's decision and why it is good news for the whole cloud ecosystem in Asia.

What was the case about?

The case centred on a warrant issued by US law enforcement in a narcotics case. The warrant required Microsoft to hand over emails that were stored …
In what's turned out to be a great week for US privacy developments, hot on the heels of the Privacy Shield announcement, yesterday, 14 July, the 2nd US Circuit Court of Appeals gave its anxiously awaited judgment in the Microsoft search warrant saga. The case centred on a warrant in a US narcotics case requiring Microsoft to hand over emails that were stored on a Microsoft server in Dublin. After Microsoft refused, a District Court in Manhattan held in 2014 that Microsoft was compelled to hand the emails over. Microsoft appealed. At stake, of course, was not just some emails, but fundamental questions concerning the extent to which one country can extend its long arm of the law into another jurisdiction and the individual's rights to privacy and protection under their own domestic laws. No wonder then that this case quickly became a cause célèbre not only for privacy …
The latest round up of legal and regulatory developments and other news on cybersecurity from the Datonomy blogging team at Olswang LLP.

EU policy and regulatory developments
- General Data Protection Regulation (GDPR): As Datonomy readers will by now be well aware, on 15 June the GDPR reached another key milestone with the EU Council (i.e. Member States) adopting their “general approach” to negotiating the whole proposal with the Parliament and the Commission. This means that all three EU institutions have declared their negotiating stance on the wide ranging proposal and that three way negotiations can now begin. The first such trilogue is scheduled for 24 June, with a six month provisional timetable recently outlined by a group of MEPs here, aimed at adoption of the proposal by the end of 2015. Given the complexity of the proposal and the fact that it has already taken three and a half years to …
The latest round up of regulatory news from the Datonomy blogging team at Olswang LLP.

Reports and statistics

The Ponemon Institute has published its 10th annual benchmarking study into the Cost of Data Breach for the US. Headline statistics, which drew on a sample of 62 US companies in 16 sectors, include the following:
- $6.5m is the average total cost of data breach
- 11% increase in total cost compared to last year
- $217 is the average cost per lost or stolen record (up 8%)
- Malicious or criminal attacks continue to be the primary cause of breach, and these were also the most costly breaches.
These new guidelines were published in June by the Cloud Select Industry Group. Forming part of the European Commission’s wider Cloud Computing strategy, which was unveiled in 2012, the guidelines have been described as a first step towards standardised building blocks for terminology and metrics in cloud SLAs. They aim to improve the drafting clarity and customer understanding of cloud SLAs. European Commission Vice-President Viviane Reding said: "[the] new guidelines will help generate trust in innovative computing solutions and help EU citizens save money. More trust means more revenue for companies in Europe's digital single market." The 62-page guidelines – created by a drafting team which included participants from IBM, Amazon, Microsoft and T-Systems – deal with service levels relating to availability, reliability, security, support services and data management, and take into account the guidance of the Article 29 Working Party.