Stormy Weather: Jurisdiction Over Privacy and Data Protection in the Cloud – Part 2
The Cloud Implies Many Applicable Laws
As noted in Part 1 of this article, Cloud-based IT services have no true jurisdictional neutrality. Potentially applicable laws will include those from any jurisdiction in which data are stored or accessible from, in which a person whose information has been collected resides, or in which a party contracting for or providing services is located. Conflicts in applicable laws are possible. Any party contemplating a Cloud service should, at a minimum, ask the following questions:
- Where are the data transferred stored, and whom are they accessible to?
- Is there a robust set of laws that protects the privacy of personal information in each of those jurisdictions?
- How do these laws differ from the local law that the organization is subject to? Are these differences material?
- By transferring data to these jurisdictions, is there a risk that the organization will be in breach of its privacy obligations under local law?
Reproduced with permission of the publisher of Internet and E-Commerce Law in Canada, vol. 13, no. 10, February 2013.
To discuss these issues, please contact the author(s).
This publication is a general discussion of certain legal and related developments and should not be relied upon as legal advice. If you require legal advice, we would be pleased to discuss the issues in this publication with you, in the context of your particular circumstances.
For permission to republish this or any other publication, contact Janelle Weed.
© 2024 by Torys LLP.
All rights reserved.