Cloud infrastructure providers unveil data protection Code of Conduct

Cloud Infrastructure Services Providers in Europe (CISPE), a newly formed coalition of more than 20 cloud infrastructure providers, has announced the launch of the first-ever data protection code of conduct.

The code requires cloud infrastructure services providers to offer their customers the ability to exclusively process and store data within the EU/EEA territories.

Under the CISPE Code of Conduct, cloud infrastructure providers cannot data mine or profile customers’ personal data for marketing, advertising or similar activities, for their own purposes or for the resale to third parties.

The CISPE Code precedes the application of the new European Union (EU) General Data Protection Regulation (GDPR). It aligns with the requirements set out in this new regulation aiming mainly at giving citizens back the control of their personal data, and simplifying the regulatory environment for international business by unifying the regulation within the EU. CISPE brings together bigger and smaller leading cloud infrastructure service providers headquartered or operating across more than 15 countries.


Trust Mark

The CISPE Code of Conduct makes it simpler for customers to assess whether cloud infrastructure services are suitable for the processing of personal data that they wish to perform, and those that are suitable are identified by a clear Trust Mark. This Trust Mark can be used by cloud infrastructure providers to show customers they are compliant, and compliant organisations will also be listed on the CISPE website.

In addition, providers certified with the CISPE Code of Conduct must offer their customers the ability to exclusively process and store data within the EU or EEA territories. This means customers from industry or software vendors procuring such cloud infrastructure services can control where their data is processed and stored physically, while knowing that their provider will not re-use or resell their data.

MEP Eva Paunova, Member of the Committee on the Internal Market and Consumer Protection, said: “The demand for strong cloud infrastructure, where customers are assured that their data is well-protected, is increasing. We as policy-makers can draft a perfect piece of legislation on paper, but what is key is to know what is feasible and what can work on the ground. To that end, I welcome the CISPE Code of Conduct and how it helps European cloud customers to understand that their content is receiving a high standard of data protection.”

Related reading