Cloud infrastructure providers unveil ground-breaking data protection Code of Conduct
Summary
Under the CISPE Code of Conduct, cloud infrastructure providers cannot data mine or profile customers’ personal data for marketing, advertising or similar activities, for their own purposes or for the resale to third parties. The CISPE Code precedes the application of the new European Union (EU) General Data Protection Regulation (GDPR). It aligns with the requirements set out in this new regulation aiming mainly at giving citizens back the control of their personal data, and simplifying the regulatory environment for international business by unifying the regulation within the EU. CISPE brings together bigger and smaller leading cloud infrastructure service providers headquartered or operating across more than 15 countries.
Story
Alban Schmutz
VP OVH and Chairman of CISPE
“This is the first industry-wide Code of Conduct to do so. It gives customers the assurance that their data always remains in their control and in their ownership,” Alban Schmutz, VP OVH and Chairman of CISPE.
In addition, providers certified with the CISPE Code of Conduct must offer their customers the ability to exclusively process and store data within the EU or EEA territories. This means customers from industry or software vendors procuring such cloud infrastructure services can control where their data is processed and stored physically, while knowing that their provider will not re-use or resell their data.
The new CISPE Code of Conduct gives customers of cloud infrastructure services an important compliance tool that helps them in identifying infrastructure service providers that give them the ability to build services and applications that comply with existing EU Data Protection regulations by keeping content within the EU or EEA. The CISPE code, and Trust Mark awarded to those cloud providers that are in compliance, also demonstrates a cloud infrastructure service providers’ commitment to maintaining the highest levels of data protection and adherence to practices that are fully aligned with the principals of the European Union.
Eva Paunova
Member of the Committee on the Internal Market and Consumer Protection
Axelle Lemaire
French Minister for Digital Affairs and Innovation
The CISPE Code precedes the entry into force of the new, and more stringent, EU General Data Protection Regulation in May 2018 and builds on internationally recognised security standards that enhance data security processing for all cloud customers and for their users. The new code of conduct has been constructed in such a way that it will be aligned with the GDPR when it comes into force. The launch of CISPE Code of Conduct was made today at a round table conference held in Brussels with the attendance of industry key players, SMEs and policy makers and hosted by MEP Eva Paunova, Member of the Committee on the Internal Market and Consumer Protection.
About CISPE
CISPE is a coalition of technology companies focused on the provision of cloud computing infrastructure services across Europe. Headquartered in 11 European countries (Bulgaria, France, Germany, Spain, Finland, Italy, The Netherlands, Norway, Poland, Switzerland and The United Kingdom) and operating in more than 15, the following cloud computing infrastructure service providers endorse the CISPE code of conduct: Arsys, Art of Automation, Aruba, BIT, Daticum, Dominion, Fasthosts, FjordIT, Gigas, Hetzner Online, Home, Host Europe Group, IDS, Ikoula, LeaseWeb, Lomaco, Outscale, OVH, Seeweb, Solidhost, UpCloud, VTX, XXL Webhosting, 1&1 Internet. CISPE is governed by a majority of (a) organisations with their global headquarters in the EU/EEA with representation from at least three different Member States, and (b) a majority of small/midcaps (<€1 billion yearly turnover). Participation in CISPE is open to any infrastructure cloud provider whose services meet the privacy and data processing security requirements of the CISPE Code. CISPE will ensure that cloud infrastructure providers, particularly SMEs, are at the heart of the European public policy debate on cloud computing. CISPE members share the European Commission’s commitment to improving access to digital goods and services and creating an environment where digital services can thrive.
About cloud infrastructure
Cloud Infrastructure as a Service (or “IaaS”) is at the heart of Europe’s digital agenda and of the new economy. Cloud infrastructure enables innovators to rapidly deploy global solutions without the need for either capital expenditure or time-consuming deployments of private infrastructure. Infrastructure suppliers have the specificity to own storage and computing infrastructure to provide them to their customers, without having access to the data that will be stored or processed. Infrastructure providers provide their customers the ability to get very high technical and financial flexibility. They are the suppliers on which other Cloud computing actors are building their own services to their customers. Cloud computing infrastructure deployment is key to the success of Europe’s Digital Single Market as it enables businesses and administrations to focus on innovation and high-quality products and services.
For more information please contact:
VIRGINIE LOUIS, Head of Media Relations,
ICF MOSTRA | direct +32 (0)2 333 59 15 | mobile +32 471 13 97 64 | virginie.louis@mostra.com