Amazon, Microsoft, Google back creation of Trusted Cloud Principles
The initiative calls on governments to recognise baseline security and privacy protections for customers
As part of the initiative, the tech companies have committed to protecting the privacy and security of their customers’ data by calling on governments to “recognise certain baseline protections as they enact laws for the cloud era”.
This includes supporting cross-border data flows and addressing conflicts of law between countries, which often results in the cloud service providers’ compliance requirements differing from one country to another.
The Trusted Cloud Principles also address governmental requests for customer data, with signatories calling on states to seek data directly from enterprise customers rather than cloud service providers. This doesn’t apply to “exceptional circumstances”, which were not specified by the document, yet are likely to include serious criminal charges.
Customers of cloud service providers should also have the right to be notified in advance of governments’ plans to access their data, while the providers should be able to challenge such data requests as well as notify “relevant data protection authorities”.
The signatories stated that, although “governments have a legitimate and important interest in protecting the safety and security of their people”, there have been cases where “they seek to gain access to data under laws that do not adequately protect human rights and the rule of law, and conflict with laws of other countries”.
“As cloud service providers, we are committed to protecting the privacy and security of our customers’ data in all jurisdictions through policy and technology,” they added.
How to secure workloads in hybrid clouds
Cloud workload protectionFree download
In order to achieve their objectives, the signatories “commit to working with the tech sector, public interest groups, and policymakers around the world, particularly in the countries where we operate or plan to operate data centers and cloud infrastructure, to ensure that laws and policies are substantially in line with the (...) principles”.
The announcement of the Trusted Cloud Principles comes weeks after one of the world’s largest secure email services, Protonmail, was criticised for providing authorities with the IP address of a French climate activist. Being based in Switzerland, the email services provider prides itself on benefiting from the country’s strict privacy laws, yet was “obligated" to comply with the “legally binding order from Swiss authorities”, according to founder and CEO Andy Yen.
Many disagreed about the severity of the crime, with Amnesty International technologist Etienne Maynier stating on Twitter that he has “a hard time seeing how young people squatting buildings in Paris is an extreme criminal case”.
The ultimate law enforcement agency guide to going mobile
Best practices for implementing a mobile device programFree download
The business value of Red Hat OpenShift
Platform cost savings, ROI, and the challenges and opportunities of Red Hat OpenShiftFree download
Managing security and risk across the IT supply chain: A practical approach
Best practices for IT supply chain securityFree download
Digital remote monitoring and dispatch services’ impact on edge computing and data centres
Seven trends redefining remote monitoring and field service dispatch service requirementsFree download