Data privacy regulations in the European Union (EU) are among the strictest in the world. Due to this fact how can users/ companies/ research centers be sure that their providers are not lying just to sell products and services ?
Well thank you very much.
European laws are strict related to the privacy of the individual when it comes to health care data.
Germany is the top of the iceberg in EU: http://perspecsys.com/how-we-help/cloud-privacy/german-data-privacy-law/
https://www.thomashelbing.com/en/analysis-data-protection-authority-use-non-eu-cloud-might-violate-german-data-protection-law
Having in mind the advantages of cloud computing, of course there are also a few disadvantages. One of them is privacy.
As a development company which builds innovative products and solutions for health care, in order to implement those products in EU , especially countries like Germany, we would have to work with a very short list of cloud service providers because of many reasons (regulations, laws, authorizations, etc).
Let's assume I will find a reliable partner that can implement all those constrains and strict laws. The most important aspect (in my opinion) is the fact that the data must be stored in Germany.
How can I be sure that that specific partner will keep the data in Germany ? Of course he will sign a contract to comply with the laws from EU / Germany. But if he fails to keep his part ,the development company will probably loose the right to implement the innovative products in health care in that specific area.
This might be an economical, ethical problem.
I believe this is a "law and ethics" question rather than a technical one. I assume that the client and supplier will enter into a contractual agreement that satisfies both parties. If one of the terms of the contract concerns the locality of the data, then the supplier is legally obliged to ensure that this part of the contract is adhered to. If the supplier moves the data to a location where it should not be, then it is the supplier that is in breach of contract. If, for example, the locality of the data is outside the EU, causing the client to be exposed to some kind of punitive damages, then the client should ensure that the contract has some kind of penalty clause built into it to cover that risk.
On the other hand, I do like the idea of an item of data having some kind of tamper proof tag that indicates where it is on the planet and where it has been. Perhaps the future will see passports for data and virtual passport controls.
Well, a tag that indicates the location is a great idea :) , I will "steal" this point of view :)
- Badges
- Science method