欧盟委员会(EC)将数据保护立法视作云计算在欧洲发展和扩张的一大主要障碍。根据欧盟委员会要促进欧盟(EU)云计算的发展环境建设的目标,本文旨在评估在欧盟《通用数据保护条例》(以下简称《条例》)框架下,云服务提供商的新角色、责任后果和个人新权利。分析表明,鉴于欧盟把数据保护置于一项基本权利的地位,《条例》大大提高了云计算中数据保护的标准,这使欧盟内云服务提供商面临比非欧盟竞争有更高要求的挑战。进一步分析表明,通过提高隐私保护技术和《条例》的域外适用,再加上巨额违规罚款,《条例》提供的工具或许可以使非欧盟的服务提供商将其商业模式调整为符合欧盟标准,从而重新平衡可能出现的市场中云计算服务瓦解情形。本文认为《条例》提供了或许能使全球数据,尤其是云计算的保护标准提高的工具。
<<关键词: | 云计算个人信息保护欧盟通用数据保护条例 |
The EC adopted a strategy to unleash the potential of cloud computing,where it marked data protection legislation as one of the main barriers for the development and expansion of cloud computing in Europe. In light of the EC goal to ensure a stimulating environment for the development of cloud computing in the EU,this paper aims to assess the consequences of the new roles and responsibilities of cloud service providers and the new rights for individuals under the GDPR. The analyses show that,in line with the position of data protection in the EU as a fundamental right,the GDPR considerably raises standards of data protection in cloud computing,which faces EU cloud service providers with a more demanding position than their non-EU competition. Further analysis shows that by promoting privacy enabling technology and by the extraterritorial application of the GDPR,together with the hefty fines for non-compliance,the GDPR provides tools that might force non-EU service providers to adjust their business model to EU standards,thus rebalancing possible market disruption in cloud computing. The paper concludes that the GDPR provides tools that might result in raised standards of data protection globally and in cloud computing in particular.
<<