Latest Posts

Latest Comments


The EU-US data sharing agreement - a step towards Government using public cloud?


Posted by |

Back in October last year, The Safe Harbour agreement (regulations that enable US companies hosting EU data to abide by the privacy laws in those territories) was declared invalid by the European Court of Justice. The ruling found that under the Patriot Act, the US Government has the right to access data held within its borders regardless of any other legislation or where that data was generated. For anyone working with data here in the UK it was easy to see the issues with the European Court’s ruling. More recently however, the EU has been working with the US to reach a ‘robust’ deal that will allow it to re-claim the privacy of its citizens’ data. European commissioners have agreed to a new framework with the US that allegedly ensures data security rights to EU citizens when their data is held by US organisations. But should the new framework make the UK Government any more trusting of the public cloud?

While it’s a step towards the EU and US reaching common ground, the reality is that the Patriot Act is still valid. That makes the recent deal not much more than smoke and mirrors. The fact remains that it doesn’t change the US’ ability to view data hosted there, whether if it’s from an EU country or not. The UK Government (and its citizens) shouldn’t be fooled by this recent announcement and certainly not view the public cloud as a safer place to host sensitive data as a result.

With all that said the deal is still a good outcome, and there’s one piece of good news in particular that came out of it. The US has committed that when it hosts EU data, it will treat it in the same way that the relevant home country does. As a result, it’s almost certain that the US will ensure that its data centres hosting EU data are compliant with appropriate regulation, and that it audits them accordingly. For UK data that means adhering to the principles of the Data Protection Act. It’s good news for the likes of Amazon and Microsoft who are looking to build data centres in the UK, as they are giving assurance to the EU that they can host Government data and treat it with the same level of protection that it receives here. Essentially, the deal has established a conversation between EU and US authorities on how the US can host data in the way the EU requires. The US has taken steps to show that it can comply with conditions set by the EU.

Over time, the deal is likely to become more robust as US data centre providers increasingly show their capability to match data privacy laws in the EU. A key driver of this would be the annual joint reviews that the two continents have promised to conduct. Now that the EU has strengthened its co-operation with the US, EU Governments are in a better position to negotiate an agreement with the US that promises them a data centre with the security and privacy they need.  With these assurances and the cost of storing data in the US considerably cheaper than it is in the UK, could the UK Government benefit from storing its data in US data centres?



Post a comment

Comment submitted! Comments needs approval before being displayed.