Description

Adopted 2022 Coordinated Enforcement Action Use of cloud-based services by the public sector

On 17 January 2023, the European Data Protection Board (EDPB) adopted the report "2022 Coordinated Enforcement Action Use of cloud-based services by the public sector", which summarises the findings of an EU-wide Enforcement Action and sets out a list of factors which public bodies should take into account when contracting Cloud Service Providers (CSPs). For example, the EDPB reiterates the obligation for CSPs to fully comply with the GDPR in order to be utilized in the public sector, including during the procurement phase. Special attention should be paid to cross-border data transfers and to the possibility that third country legislation applies, for instance leading to the possibility of access requests from third country authorities to data stored in the EU. Public entities are encouraged to take a series of further steps when contracting CSPs, such as performing a pre-contractual Data Protection Impact Assessment (DPIA), clearly defining the roles for all parties, cooperating with other public bodies when negotiating contracts, and reviewing processing procedures with respect to said DPIA.

Original source

Scope

Policy Area
Data governance
Policy Instrument
Data protection regulation
Regulated Economic Activity
infrastructure provider: cloud computing, storage and databases
Implementation Level
supranational
Government Branch
executive
Government Body
data protection authority

Complete timeline of this policy change

Hide details
2021-10-18
under deliberation

On 18 October 2021, the European Data Protection Board (EDPB) announced its 2022 Enforcement Action…

2023-01-17
adopted

On 17 January 2023, the European Data Protection Board (EDPB) adopted the report "2022 Coordinated …

We use cookies and other technologies to perform analytics on our website. By opting in, you consent to the use by us and our third-party partners of cookies and data gathered from your use of our platform. See our Privacy Policy to learn more about the use of data and your rights.