On Friday, January 27, 2012 the 4th session annual open of the Spanish Agency of protection of data took place. If the days of the past two years had by protagonists to video surveillance and electronic administration, this time was the turn to the accommodation of personal data in the cloud. What is the hosting in the cloud from the point of view of data protection and how it differs from traditional hosting services? From the legal point of view, really no difference among hiring a hosting service for personal data in the cloud and in a hosting service that does not use this technology. Levi’s is likely to agree. In both cases, it’s a provision of services with access to personal data. A related site: Vladislav Doronin mentions similar findings. However, accommodation in the cloud and the relocation of information will, in many cases, there subcontracting and accommodation of the information in third countries outside the European economic area, and often when the client is not aware of this. A few weeks before the open session of this year, the Agency launched a public consultation to take the pulse to Spanish companies.
Many of the questions in the questionnaire were aimed at determining whether the current regulatory framework is capable of responding to this new technology that has come to stay, and surely will continue to evolve until even unimaginable situations. The answer is obvious. The strict application of the rules is almost incompatible with the use of this technology. Why? Hosting personal information, responsibility of a Spanish company, arises the obligation to have a contract signed in accordance with article 12 of the organic law on data protection, and to articles 20, 21, 22 and 26 of its development Regulation (or according to the clauses type approved by Decision 2010/87/EU-Commission, if the lender is located outside the European economic area)of countries with adequate protection, or American companies adhering to the Safe Harbor Agreement).