The European Commission has announced a new set of standard contractual clauses to be used in agreements with processors located outside the EU / EEA. The new SCCs represent an effort to better ensure privacy protection when European personal data are passed on to subcontractors in business process outsourcing, cloud computing, and other contexts of successive data sharing.
Last month we posted some basics on cloud computing designed to provide some context and identify the legal issues. What is the cloud? Why is everyone in the tech community talking about it? Why do we as lawyers even care? Dave provided a few things for our readers to think about -- privacy, security, e-discovery. Now let's dig a little deeper. I am going to start with privacy and cross-border data transfers. Is there privacy in the cloud? What are the privacy laws to keep in mind? What are an organization's compliance obligations? As with so many issues in the privacy space, the answer begins with one key principle -- location, location, location.