Gordon Nardell QC was a member of an expert panel at this year’s Computers, Privacy and Data Protection conference in Brussels, dealing with the impact of the US Foreign Intelligence Surveillance Amendment Act (FISAA) on EU users of Cloud computing services. The EU Commission’s draft Data Protection Regulation continues the familiar “safe harbour” model for data flows out of the EU. But FISAA imposes real-time monitoring of data connected with “non-US persons”, allowing the US authorities widespread access to data for ill-defined political purposes. Gordon explained that FISAA falls well short of the requirements of the traditional “safe harbour” for EU data flows to third countries, exposing Cloud service providers to conflicting obligations under EU and US law. He called on the Commission to help create certainty by including clear provisions in the DP reform package about data flows to Cloud providers under US jurisdiction. Gordon’s presentation can be found here.
The Independent has picked up the story.