Cloud 101CircleEventsBlog
Master CSA’s Security, Trust, Assurance, and Risk program—download the STAR Prep Kit for essential tools to enhance your assurance!

CSA Official Press Release

Published 06/29/2012

CNIL (French Data Protection Authority) Recommendations on the use of Cloud Computing Services

CNIL (French Data Protection Authority) Recommendations on the use of Cloud Computing Services

The following blog entry on "CNIL on Cloud Computing" was written by the external legal counsel of the CSA, Ms. Francoise Gilbert of the IT Law Group. We repost it here with her permission. It can be viewed in its original form at: http://www.francoisegilbert.com/2012/06/cnil-on-cloud-computing/ On June 25, CNIL – the French Data Protection Authority – published its recommendation on the use of cloud computing services. This recommendation is the result of a research project on cloud issues, which started in the Fall of 2011 with a consultation with industry. The documents released by CNIL include a summary of the research and documents; a compilation of the responses received to the consultation, and a set of recommendations. The recommendations includes:

  • Clearly identify the type of data and type of processing that will be in the cloud
  • Identify the security and legal requirements
  • Conduct a risk analysis to identify the needed security measures
  • Identify the type of cloud service that is adapted for the contemplated type of processing
  • Choose a provider that provides sufficient guarantees
The CNIL document also provides an outline of the contractual clauses that should be included in a cloud contract and contains “Model Clauses” that may be added to contracts for cloud services. These model clauses are provided as a sample, are not mandatory, and can be changed or adapted to each specific contract. Except for a high level summary in English, the documents described above are currently available only in French on the CNIL website. According to CNIL representatives, English translations of these documents should be available shortly.
  • Overview of CNIL Recommendation – Summary in English:
http://www.cnil.fr/english/news-and-events/news/article/cloud-computing-cnils-recommandations-for-companies-using-these-new-services/
  • Overview of CNIL Recommendation – Summary in French
http://www.cnil.fr/la-cnil/actualite/article/article/cloud-computing-les-conseils-de-la-cnil-pour-les-entreprises-qui-utilisent-ces-nouveaux-services/
  • Compilation of the responses to the CNIL consultation on cloud computing (in French)
http://www.cnil.fr/fileadmin/images/la_cnil/actualite/Synthese_des_reponses_a_la_consultation_publique_sur_le_Cloud_et_analyse_de_la_CNIL.pdf
  • Recommendation for companies wishing to use cloud services (in French)
http://www.cnil.fr/fileadmin/images/la_cnil/actualite/Recommandations_pour_les_entreprises_qui_envisagent_de_souscrire_a_des_services_de_Cloud.pdf.

Share this content on your favorite social network today!

About Cloud Security Alliance

The Cloud Security Alliance is a not-for-profit organization with a mission to promote the use of best practices for providing security assurance within Cloud Computing, and to provide education on the uses of Cloud Computing to help secure all other forms of computing. The Cloud Security Alliance is led by a broad coalition of industry practitioners, corporations, associations and other key stakeholders. For further information, follow us on Twitter @cloudsa.

For press inquiries, email Zenobia Godschalk of ZAG Communications or reach her by phone at 650.269.8315.