May 26, 2013

Patriot Act vs EU data privacy – are MLATs the answer?

The subject of the Patriot Act vs EU data privacy has once again made headlines. CIO.com has just published “The Patriot Act and Your Data: Should You Ask Cloud Providers About Protection?” But, unlike other articles to date, this one opens up new ground by reminding us that even without the Patriot Act, US Law Enforcement Agencies (LEAs) are still able to access personal data residing in the EU – and legally to boot. This is done through MLATs, or Mutual Legal Assistance Treaties, which allow an LEA in country A to request his counterpart in country B to cooperate in providing information on a suspect in country B – whilst at the same time protecting the suspect’s civil rights. [Read more...]

Upcoming EU data protection laws – a summary for non-specialists

The revised EU data protection laws, which were first leaked to the press in early December 2011, will be submitted to the European Parliament for ratification around the end of January 2012.

There has been extensive coverage of this over the past month of December. Unfortunately, most of it makes for pretty heavy reading, which many of us are either unable or unwilling to wade through. But given its critical importance to both cloud service providers (especially in the US) and to their clients and prospects (especially in Europe), I have attempted here to summarize the main highlights in short, bulleted one-paragraph form in the four key areas of jurisdiction, controller and processor responsibilities, individual rights and company obligations. Those who want to dig deeper can check out the Further Reading section at the end. [Read more...]

The Patriot Act and EU data privacy – threats and opportunities

Questions on where data is located and adherence to data privacy regulations usually figure prominently in any cloud vendor due diligence checklist, e.g. in this Checklist for using a Software as a Service (SaaS) vendor (last question), in this Cloud Security Checklist (question 2) or in my own SaaS project self-assessment (questions 8 and 9). The subject has recently made headlines because of concerns that US cloud providers do not provide adequate data protection for customers in the European Union.

In this article we’ll look at the recent Patriot Act headlines, try to understand the background to the EU’s data protection laws and run through a quick primer on the subject. Then we’ll consider the challenges of implementing pre-cloud privacy laws in a cloud world, and how the EU regulations are likely to change to accommodate this. Finally, we’ll look at threats (to US cloud providers) and opportunities (for EU cloud providers). [Read more...]