Navigating the road to data privacy: How cloud providers can help

Share this post:

In this new data-driven era, the understandable call for more effective data protection has led to an increase in government legislation worldwide. Here in the European Union, the General Data Protection Regulation (GDPR) is drawing close to its implementation date, also accompanied by proposed legislation on ePrivacy, data ownership and free flow of data to name but a few.

In the midst of the efforts to understand and comply with legislation, we must be mindful of the needs of individuals and organisations that the various laws aim to protect. We believe that organizations like our own, and others who process or interact with enterprise or consumer data, not only have an obligation to handle data responsibly, we also have a duty to be transparent about how we do so in a way that is useful and easy to understand. This is why IBM has published a first of its kind platform, Data Responsibility @ IBM, to give clients and key stakeholders a comprehensive view of the principles and practices we apply as a steward of data. Through Data Responsibility @ IBM, we are the only technology company clearly and completely outlining our principles and policies around data—providing a model for our clients and other enterprises as they navigate the changing landscape of data privacy.

When it comes to data protection in cloud computing, IBM continues to strengthen trust in the services we offer. For example, in Data Responsibility @ IBM we state clearly that our clients are not required to relinquish rights to their data to have the benefits of IBM’s Watson solutions and services. We believe the unique insights derived from clients’ data are their competitive advantage, and we will not share them without their agreement.

Furthermore, our expanding cloud footprint in Europe – with new data centres opening across the continent – means that clients have a wider choice of where they can consume such services as Watson and where their data is processed and stored. Just yesterday, IBM announced new capabilities for IBM Cloud in Europe. Located in Frankfurt, Germany, the new offerings are designed to give clients the highest level of control over the valuable data they entrust to the IBM Cloud. The enhancements include a combination of new technology, new processes and additional EU-based support staff designed to give clients complete control over where their data lives, who has access to it and what they can do with this access.

While we believe that any government-mandated data localisation is damaging to innovation and economic growth, we are equally convinced that offering a choice to clients of where their data is handled deepens trust in our services. While using cloud computing to help reduce costs and drive innovation, businesses also have security and data protection front-of mind and they seek a service that they trust. And as IBM and our clients prepare for the implementation of GDPR, these location-centred offerings are increasingly valuable and essential.

Our adherence to the EU Cloud Code of Conduct—and our early support for it—is another clear signal of our steadfast data stewardship. The result of four years of collaboration between the European Commission and the cloud computing community, the EU Cloud Code of Conduct is the only code of conduct which EU authorities have been involved in developing. By signing up services to the independently-governed EU Cloud Code of Conduct, IBM has unequivocally committed to implementing robust data protection and security policies that support the significant changes ahead.

Recently we have seen a strong increase in industry interest and involvement in the Code, which is a positive step in companies’ commitment to adhering to GDPR and employing responsible data protection practices.

Membership of the EU Cloud Code of Conduct is now global. Alongside Alibaba Cloud, and the other founder members IBM, SAP, Oracle and Fabasoft, we are pleased to welcome several new industry members as well as the UK Cloud Industry Forum as a supporter.

More cloud providers are in the process of signing up so we should see further uptake in membership shortly. The EU Cloud Code of Conduct is now establishing itself as the gold standard reference for trusted cloud providers in data privacy, covering the full range of cloud service models. Those that sign up to the Code and are approved by the independent governing body will receive a certificate demonstrating adherence. Once GDPR is in place, the European Data Protection Board will vet codes as to their effectiveness. Just like the well-known ‘CE’ mark declares that a product complies with the essential requirements of European health, safety and environment law, the cloud code of conduct compliance mark demonstrates the provider’s commitment to rigorous data protection safeguards.

Rather than having to wade through complex legal texts, adherence to the EU Cloud Code of Conduct is a transparent way for any cloud user to test whether the Cloud Provider uses trustworthy data practices. This is not only very useful for Cloud customers but also to Data ProtectiJonathan Sageon Authorities who will use mechanisms such as Codes of Conduct to simplify enforcement with GDPR. The latest Code of Conduct is open for all to inspect – with the full text available online.

As we move into a new age of data privacy, IBM will continue to raise the bar on data responsibility and to help businesses understand and comply with legal requirements. We firmly hope our industry peers will follow suit. It is our duty to help smooth the way towards a data secure environment.

Jonathan Sage
IBM Government and Regulatory Affairs Executive


More stories

A New Public-Private Partnership to Advance Cybersecurity in France

IBM today opened its new Security Operations Center (SOC) in Lille, France. The SOC offers security incident and response services to organisations that are at the heart of the French society and economy. Operating 24 hours a day, seven days a week, the security center team will monitor the latest security events, assess their potential impact […]

Continue reading

IBM Statement on Filing an Amicus Curiae Brief in the United States Supreme Court

IBM issued the following statement on filing an amicus curiae brief in the United States Supreme Court: “Changes in technology move faster than changes in the law, and when the law addresses new technology it must consider not only the immediate facts of the case at bar, but also the potential implications that a legal […]

Continue reading

IBM Letter to House Judiciary Committee on Anti-Sex Trafficking Bill

IBM today urged leadership of the House Judiciary Committee to align its anti-sex trafficking legislation with a parallel Senate bill.

Continue reading