Some of the world’s largest tech giants — Amazon, Google, Microsoft, IBM, Salesforce/Slack, Atlassian, SAP, and Cisco — have joined forces to establish the Trusted Cloud Principles in what they are claiming is their commitment to protecting the rights of their customers.
“The Trusted Cloud Principles will help safeguard the interests of organisations and the basic rights of individuals using cloud services so that they can accomplish what they need in a safe and secure way,” the signatories said in a statement.
“This initiative is more important today than ever … when some governments come directly to providers like us for access to customer data without their knowledge — in some cases for legitimate reasons but in other cases for reasons that could hinder basic human rights — it creates a tension that needs to be addressed through both technology and policies.
“Our Trusted Cloud Principles make it clear we seek to partner with governments around the world to resolve international conflicts of law that impede innovation, security, and privacy, and to establish and ensure basic protections for organisations that store and process data in the cloud.”
Some of the specific principles that have been founded by the signatories include governments should seek data directly from enterprise customers first, rather than cloud providers, other than in “exceptional circumstances”; customers should have a right to notice when governments seek to access customer data directly from cloud service providers; and there should be a clear process for cloud providers to challenge government access requests for customers’ data, including notifying relevant data protection authorities, to protect customers’ interests.
Also outlined in the principles is the point that governments should create mechanisms to raise and resolve conflicts with each other such that cloud service providers’ legal compliance in one country does not amount to a violation of law in another; and governments should support cross-border data flows.
At the same time, the cloud service providers acknowledge that under the principles they recognise international human rights law enshrines a right to privacy, and the importance of customer trust and customers’ control and security of their data.
The signatories also said they commit to supporting laws that allow governments to request data through a transparent process that abides by human right standards; international legal frameworks to resolve conflicting laws related to data access, privacy, and sovereignty; and improved rules and regulations at the national and international levels that protect the safety, privacy, and security of cloud customers and their ownership of data.
“We commit to working with governments to ensure digital connectivity among nations, to promote public safety, and to protect privacy and data security in the cloud in line with international human rights norms and the rule of law,” the signatories added.
The Trusted Cloud Principles come days after a separate data cloud framework was stood up between Amazon Web Services, Google, IBM, Microsoft and other major tech giants, plus the EDM Council, a cross-industry trade association for data management and analytics.
Under the Cloud Data Management Capabilities (CDMC) framework there are six components, 14 capabilities, and 37 sub-capabilities that sets out cloud data management capabilities, standards, and best practices for cloud, multi-cloud, and hybrid-cloud implementations while also incorporating automated key controls for protecting sensitive data.
Among the six components are data governance and accountability, cataloguing and classification, data accessibility and usage, data protection and privacy, data lifecycle, and technical architecture.
The CDMC framework is available as a free licence to EDM Council members and non-members alike.
“The speed at which businesses are able to respond to change is the difference between those that successfully navigate the future and those that get left behind,” Google Cloud data analytics product management director Evren Eryureksaid.
“The CDMC framework is going to be a tremendous resource for companies as they continue to accelerate their digital transformation and reimagine their business through effectively leveraging the power of real-time data.”
- How the FBI and AFP accessed encrypted messages in TrojanShield investigation
- Home Affairs says Australia likely next to sign CLOUD Act arrangement with the US
- Attorney-General urged to produce facts on US law enforcement access to COVIDSafe
- US Republican Senators develop Bill to end use of ‘warrant-proof’ encryption
- Google to share government requests for GCP, G Suite data