Cloud pro­vi­ders: Risk manage­ment and con­tract negotiation 

Intro­duc­to­ry con­si­de­ra­ti­ons It is no secret that cloud ser­vices are the topic of the day, nor that this affects all indu­stries – inclu­ding regu­la­ted indu­stries such as banks, insu­rers and play­ers in the health­ca­re sec­tor, as well as federal, can­to­nal and local authorities.

How Goog­le, Micro­soft and Sales­for­ce are imple­men­ting the new SCC and what this means for mana­gers in the EEA and Switzerland 

A con­tri­bu­ti­on by Lena Göt­zin­ger and Han­nes Meyle Sin­ce Sep­tem­ber 27, 2021, the trans­fer of per­so­nal data to coun­tries out­side the EEA that do not offer an ade­qua­te level of data pro­tec­tion from the per­spec­ti­ve of the GDPR must, in princip­le, com­ply with the data pro­tec­tion pro­vi­si­ons in for­ce on Sep­tem­ber 4, 2021.

Hoeren/Tiessen: Notes and sam­ple ans­wers on the data pro­tec­tion-com­pli­ant use of Office/Microsoft 365 

Prof. Dr. Tho­mas Hoe­ren has poin­ted out that the Ham­burg Data Pro­tec­tion Com­mis­sio­ner is sen­ding out an exten­si­ve que­sti­onn­aire on Office/ Micro­soft 365, and that various sta­te data pro­tec­tion com­mis­sio­ners are plan­ning a broad ban on the use of cor­re­spon­ding ser­vices. Prof. Hoe­ren and Mar­ten Tie­ssen (both ITM Mün­ster) have

Micro­soft Exchan­ge Ser­ver: Need for action for companies 

A few days ago it beca­me known that Micro­soft Exchan­ge email ser­vers were affec­ted by vul­nera­bi­li­ties (see e.g. the announ­ce­ments of the Ger­man BSI). In com­bi­na­ti­on, the­se vul­nera­bi­li­ties could be used for attacks, which appar­ent­ly took place wide­ly (Krebs on Secu­ri­ty): At least

Microsoft’s initi­al respon­se to Schrems II and the EDSA recommendations. 

As is well known, the ECJ over­tur­ned the Pri­va­cy Shield in the Schrems II ruling – the Euro­pean one, but in effect also the Swiss one – and last week the EDSA published draft (qui­te que­stion­ab­le) gui­de­li­nes on this. Now that the EU Com­mis­si­on has also published new

Micro­soft v. USA: Case writ­ten off 

The Supre­me Court of the United Sta­tes has writ­ten off the case USA vs. Micro­soft on the sur­ren­der of data stored abroad. The US Con­gress enac­ted the CLOUD Act at the end of March: U.S. Con­gress enacts law to cla­ri­fy scope of war­rants for over­se­as data

U.S. Con­gress enacts legis­la­ti­on to cla­ri­fy scope of over­se­as data warrants 

On March 23, 2018, Donald Trump signed the Cla­ri­fy­ing Law­ful Over­se­as Use of Data Act (CLOUD Act). The Cloud Act cla­ri­fies what was unclear under the Stored Com­mu­ni­ca­ti­ons Act (SCA): elec­tro­nic com­mu­ni­ca­ti­ons ser­vice pro­vi­ders and remo­te com­pu­ting ser­vice pro­vi­ders are expli­ci­tly requi­red to comply,

USA v. Micro­soft: Reply Brief of the USA 

In United Sta­tes v. Micro­soft Cor­po­ra­ti­on, a case pen­ding befo­re the U.S. Supre­me Court invol­ving the release of data stored by a Micro­soft sub­si­dia­ry in Ire­land, the U.S. filed its Reply Brief in respon­se to Microsoft’s petition.