What’s to prevent cloud infrastructure providers from mining or selling your data? Launch of a new Trust Mark…

Cloud Infrastructure Services Providers in Europe (CISPE), a newly formed coalition of more than 20 cloud infrastructure providers operating in Europe, announces the launch of the first-ever data protection code of conduct requiring cloud infrastructure services providers to offer their customers the ability to exclusively process and store data within the EU/EEA territories.

Under the CISPE Code of Conduct, cloud infrastructure providers cannot data mine or profile customers’ personal data for marketing, advertising or similar activities, for their own purposes or for the resale to third parties. The CISPE Code precedes the application of the new European Union (EU) General Data Protection Regulation (GDPR). It aligns with the requirements set out in this new regulation aiming mainly at giving citizens back the control of their personal data, and simplifying the regulatory environment for international business by unifying the regulation within the EU. CISPE brings together bigger and smaller leading cloud infrastructure service providers headquartered or operating across more than 15 countries.

Members of CISPE, a coalition of companies committed to the provision of cloud computing infrastructure in Europe, announce their establishment and commitment to embrace a data protection Code of Conduct. The CISPE Code of Conduct makes it simpler for customers to assess whether Cloud Infrastructure Services are suitable for the processing of personal data that they wish to perform, and those that are suitable are identified by a clear Trust Mark. This Trust Mark can be used by cloud infrastructure providers to show customers they are compliant, and compliant organisations will also be listed on the CISPE website.

Under the CISPE Code of conduct, cloud customers will receive the assurance that providers of cloud infrastructure services do not process their personal data, for their own benefit or for the resale to third parties, such as for the mining of personal data, profiling of data subjects, marketing or similar actions.

“This is the first industry-wide Code of Conduct to do so. It gives customers the assurance that their data always remains in their control and in their ownership,” Alban Schmutz, VP OVH and Chairman of CISPE.

In addition, providers certified with the CISPE Code of Conduct must offer their customers the ability to exclusively process and store data within the EU or EEA territories. This means customers from industry or software vendors procuring such cloud infrastructure services can control where their data is processed and stored physically, while knowing that their provider will not re-use or resell their data.

MEP Eva Paunova, Member of the Committee on the Internal Market and Consumer Protection, said, on hearing the news, “The demand for strong cloud infrastructure, where customers are assured that their data is well-protected, is increasing. We as policy-makers can draft a perfect piece of legislation on paper, but what is key is to know what is feasible and what can work on the ground. To that end, I welcome the CISPE Code of Conduct and how it helps European cloud customers to understand that their content is receiving a high standard of data protection. “

The new CISPE Code of Conduct gives customers of cloud infrastructure services an important compliance tool that helps them in identifying infrastructure service providers that give them the ability to build services and applications that comply with existing EU Data Protection regulations by keeping content within the EU or EEA. The CISPE code, and Trust Mark awarded to those cloud providers that are in compliance, also demonstrates a cloud infrastructure service providers’ commitment to maintaining the highest levels of data protection and adherence to practices that are fully aligned with the principals of the European Union.

“The CISPE Code of Conduct show that the European cloud computing industry is capable to provide secure and compliant services for all personal and technical data in Europe and improve trust in digital services,” Axelle Lemaire, French Minister for Digital Affairs and Innovation.

The CISPE Code precedes the entry into force of the new, and more stringent, EU General Data Protection Regulation in May 2018 and builds on internationally recognised security standards that enhance data security processing for all cloud customers and for their users. The new code of conduct has been constructed in such a way that it will be aligned with the GDPR when it comes into force.

The launch of CISPE Code of Conduct was made at a round table conference held in Brussels with the attendance of industry key players, SMEs and policy makers and hosted by MEP Eva Paunova, Member of the Committee on the Internal Market and Consumer Protection.

Find more information on the association, the CISPE Code of Conduct and register interest: WWW.CISPE.CLOUD