Cloud computing service providers and providers of outsourcing or offshoring services who process J personal data in, or from, the European Union and European Economic Area generally describe themselves as "data processors" for purpose of the application of the national data protection laws.1 Indeed, some of their services agreements require their customers to agree that the service provider is only a data processor, as defined in the 1995 EU Data Protection Directive. This determination has significant consequences. It places on the customer the entire burden of compliance with the applicable data protection law, which includes, responsibility for the related registrations or requests for permission, interaction with the local Data Protection Authorities, responding to enforcement actions and lawsuits, and responsibility for, and payment of, damages in case of an incident.
展开▼
