CISPE welcomes US Government efforts to strengthen privacy protections in transatlantic data flows that will bring further clarity and confidence to cloud customers transferring personal information to the USA. Data protection and transparency are foundational values for CISPE and we believe that customers should be free to choose the cloud infrastructure and the deployment model that best fits their needs whilst providing sufficient privacy safeguards.
The CISPE Code of Conduct for Data Protection, the first for cloud infrastructure services to be approved by European data protection authorities, has customer choice at its core. The CISPE Code requires that compliant cloud infrastructures have the capability to store data in multiple locations including the option to store and process customer data exclusively in the European Economic Area. Customers leveraging these cloud infrastructures have choice and flexibility not only to do business globally but also to meet data residency and sovereignty demands.