Privacy and Cloud Computing
01-18-2012
E-mail lends itself well to being a cloud service. The advantage is that it can be more efficient and less costly because there is no need for the IT department to set up its own mail server. Because the mail facility operates in a cloud, emails are now being exchanged outside the company network. The data is processed via the Internet without knowing where it actually is. If that data is personal data, privacy aspects will have to be considered when contracting a cloud computing provider.
Several obligations under the Dutch Data Protection Act (Wet bescherming persoonsgegevens), such as those relating to the transfer of personal data, will clearly need to be addressed. As a first step, clients and cloud computing providers must clarify their division of roles in the context of privacy and the obligations incumbent upon them as a consequence.
The Dutch Data Protection Act is based on the EU Privacy Directive 95/46. A draft proposal for an EU Privacy Regulation – intended to replace the 1995 EU Privacy Directive in time – was leaked towards the end of 2011. This article focuses primarily on existing Dutch privacy law, with the qualification that we may be seeing a very different landscape in two or three years’ time.

