Cloud Computing and Data Privacy – The Privacy Shield

Accessing data services through cloud to optimise costs and structure came into focus of data privacy. Data protection, data security (AIC triad) and data transfer are the main topic of the article. European general data protection regulation as of 25 May 2018 has had a significant impact on data processing in cloud computing. In particular, data subject’s rights have been enhanced, both data controllers and processors are required to appoint DPOs and to establish an independent supervisory authority at national levels. Also a new mechanisms for providing and proving proper personal data processing was approved which serves as a tool to demonstrate the compliance with the new General Data Protection Regulation. The second part of the article examines a new framework for the protection of personal data in case of transfer to the USA. Up until 2015, most US companies relied on the Safe Harbour regime, which allowed the transfer of data for commercial purposes from the EU to the USA through a companies’ self-certification system at the US Department of Commerce. However, in 2015 the Court of Justice of the EU declared the EU Commissions’ 2000 decision on the "adequacy” of the Safe Harbour regime invalid, reasoning that the lack of rules in the US to limit interference with the fundamental rights of the persons whose data is transferred from the EU to the US, nor the effective judicial remedies for individuals are to be found. Hence the Privacy Shield was adopted in 2016. The article affirms that the Privacy Shield sought to address the main concerns raised by the Court of Justice of the EU in the Schrems case of 2015.

Keywords: cloud computing, data privacy, privacy shield, General Data Protection Regulation.