Data Localization Laws and Policy
Show Less

Data Localization Laws and Policy

The EU Data Protection International Transfers Restriction Through a Cloud Computing Lens

W. Kuan Hon

Countries are increasingly introducing data localization laws, threatening digital globalization and inhibiting cloud computing adoption despite its acknowledged benefits. This multi-disciplinary book analyzes the EU restriction (including the Privacy Shield and General Data Protection Regulation) through a cloud computing lens, covering historical objectives and practical problems, showing why the focus should move from physical data location to effective jurisdiction over those controlling access to intelligible data, and control of access to data through security.
Buy Book in Print
Show Summary Details
You do not have access to this content

Chapter 3: The ‘transfer’ concept

The EU Data Protection International Transfers Restriction Through a Cloud Computing Lens

W. Kuan Hon

Abstract

• ‘Transfer to a third country’: meaning, data ‘movement’, physical location. • Internet ‘transfers’ – ‘pull’/‘push’; multistage (websites, public cloud, modern outsourcing chains). • ‘Transit’ for Internet routing; GDPR problems. • Webhosting ‘transfers’, provider’s establishment, infrastructure location. • Lindqvist. ‘Pull’, intention to provide access, providers’ status/establishment; server location; UK, the Netherlands, European Data Protection Supervisor (EDPS). • Cloud computing ‘transfers’. Data location, jurisdiction, vs intelligible access to data. • Cloud infrastructure’s location, vs EU regulators’ location-centricity (SWIFT, Safe Harbour, ‘model clauses’, cloud decisions in Denmark, Sweden; Article 29 Working Party (WP29)’s WP196; cf. Canada). • US Microsoft warrant case, extraterritoriality, International Communications Privacy Act (ICPA). • Cloud supply chains, intelligible access, jurisdiction. Legal responsibility for data protection. Many possible cloud ‘locations’ (storage, VMs, metadata, CDNs, ‘regions’); contractual location commitments. • Location-centricity’s implications, e.g. no country’s jurisdiction. Cloud subcontractors. • Data localization’s disadvantages: costs, resilience/business continuity, global trade/business, knowing/verifying locations. • Policy recommendations. Keywords: international transfers, interpretation, cloud computing, data location, WP196, Lindqvist

You are not authenticated to view the full text of this chapter or article.

Elgaronline requires a subscription or purchase to access the full text of books or journals. Please login through your library system or with your personal username and password on the homepage.

Non-subscribers can freely search the site, view abstracts/ extracts and download selected front matter and introductory chapters for personal use.

Your library may not have purchased all subject areas. If you are authenticated and think you should have access to this title, please contact your librarian.


Further information

or login to access all content.