Artifact Peer Review
Privacy Level Agreement Working Group Charter
The Cloud Security Alliance would like to invite you to review and comment on the updated Privacy Level Agreement Working Group Charter. The Privacy Level Agreement (PLA) Working Group was originally established in 2011 with the objective to define good practices and tools to help both CSPs and cloud users in their journey toward the compliance with relevant European Union privacy legislations. The draft CSA Code of Conduct and Certification are currently under the revision of the relevant Data Protection Authorities. The goal of CSA is, clearly to obtain the approval of both of them by the European Data Protection Board. The current version of the PLA CoP (V3.2) doesn’t thought cover the requirements of the GDPR Art.46 on international data transfer. Given the importance of the topic in the cloud market, the CSA has decided to take action and revise the current versions of its CoC and Certification so to be able to use them as tools for international data transfer. Moreover, in its mission to support both CSPs and customers to overcome their cloud security and privacy challenges, the CSA has also decided to initiate an analysis of other relevant Privacy and Data Protection regulations applicable to the cloud market and define, on the basis of the results already achieved, new tools and best practices for global privacy compliance. In summary, the extension of the scope of existing CSA’s best practice and tools for GDPR compliance to international data transfer and global privacy compliance, would be the main goals of the new PLA WG. This is your opportunity to provide feedback and identify any critical areas that we might miss in our working group’s focus. The open review and comments period starts today and ends on November 29, 2019.