Jurisdiction Matters in the Cloud : My recent Interview by cloud.ca

Éloïse Gratton February 25, 2016

I was recently interviewed by regional cloud provider cloud.ca on jurisdiction issues and the cloud. I explained how regions matter, not only to governments but to any organization with strict compliance requirements or risk management practices. cloud.ca published the interview as a white paper entitled: “Even in the Cloud, Jurisdiction Matters” which summarizes our discussion.

The white paper discusses why jurisdiction matters for cloud computing, for instance what types of data and which industries does Canadian regional jurisdiction have a notable impact on, what types of legislation should be considered when choosing a region outside Canada for cloud, how can “who owns and operates the cloud” impact jurisdiction, and whether keeping data encrypted in transit and “at rest” overcome the challenges with regional jurisdiction.

The paper provides information on issues pertaining specifically to Canada, such as whether Canadian law is particularly “good” or “bad” for certain types of data and whether there are notable differences between Canadian provinces’ legal jurisdictions when it comes to data/cloud. The recent Safe Harbour ruling issued by the Court of Justice of the European Union in October 2015 invalidating an important Commission Decision 2000/520 is also discussed, and I explain what this means for Canada.

I was also asked if in the long term, I expect globalization of digital business to eliminate barriers to who can store, manage and process data. I discuss how it is difficult to say whether the barriers will eventually be eliminated. On a global scale, most countries are using a similar legal framework on the issue of data protection, one which is based on the Fair Information Practices Principles (or FIPPs) which dates back to the early 70s, but that data protection/privacy laws may remain different simply due to cultural differences. For instance, the EU is considered as one of, if not the most privacy stringent jurisdictions in the world, but the US is not, in part because it strongly values freedom of information. Canada sits somewhere in the middle, probably leaning towards the position of the EU, with Quebec having the most stringent privacy laws in Canada. I explain how what might happen in the long run are globally accepted standards that make data outsourcing easier will play a more important role (i.e. ISO security standards such as ISO/IEC 27018).

cloud.ca’s white paper on jurisdiction and the cloud is available here.

Jurisdiction Safe Harbour

This content has been updated on February 25, 2016 at 15 h 13 min.

Éloïse Gratton

Privacy & Data Protection Law

Jurisdiction Matters in the Cloud : My recent Interview by cloud.ca

Data governance and privacy risks in Canada: A checklist for boards and c-suite

An Update on New Québec Confidentiality Incidents and Record-Keeping Requirements

The inside scoop on how to become a privacy lawyer: 10 tips from the top

Preparing for the Privacy Reform in Canada

Getting Ready for Québec’s New Privacy Law in 2023 (Part 1): Using what we know so far

Getting Ready for Quebec’s New Privacy Law in 2023 (Part 2): Navigating uncertainty in the Law

Une fugitive recherchée depuis 30 ans, capturée à Berlin grâce à la reconnaissance faciale

CBC Windsor Morning Radio Show

La Cour suprême vient compliquer les cyberenquêtes

Une fugitive capturée à Berlin grâce à la reconnaissance faciale

Aide-mémoire en matière de protection de la vie privée et de sécurité des renseignements personnels

Lucky 7 data privacy and security cheat sheet