Cloud Computing, the obligation to protect our personal data

The XXI century is known as the century of changes, specifically for the "Digital Revolution", or also known as the "Third Industrial Revolution", being a progress that has not stopped.

This revolution adds to new technologies, such as analog, mechanical and electronic, a new technology, the so-called digital technology. Even, this new technology sometimes comes in replacement of any of the mentioned.

In times of information revolution and the incorporation of new technologies in the business field, the main challenge that companies face is to guarantee privacy, by protecting our personal data.

With these changes, new terms and purposes emerge. One of them is the Cloud Computing or cloud computing, which arises from the need of users due to the increase in the amount of data on file and the media used as support.

El Cloud Computing Cloud computing can be defined as a set of large-scale computing resources distributed in a high-speed network and that can be consumed on demand.

In other words, it is a service that is provided through the internet, through which it is allowed to have access to a network that absorbs information on its servers and makes it available to its users when they require it.

In this sense, it can be affirmed that the services of Cloud Computing they manage, process and store personal and / or sensitive user data on servers managed by a third party, providing such services in compliance with a contract.

In Peru, we are not oblivious to this information revolution, the Law on Protection of Personal Data (Law No. 29733) establishes in its article 30 that, “on behalf of third parties, personal data processing services are provided, These cannot be applied or used for a purpose other than that contained in the contract or agreement concluded or be transferred to other people, not even for their preservation¨.

This is why the processing of personal data in the Cloud Computing It may be outsourced by the person responsible for the processing of personal data, as long as its compliance and security are ensured.

It is important to ensure that the provider complies with the security requirements, an affirmative statement is not enough, but rather go beyond the norm, following the provisions of the Law on Data Protection and Guarantee of Digital Rights (LOPDGDD), new European regulations for the protection of personal data, and apply the principle of accountability, requesting a certificate of compliance, and thus ensuring effective compliance with the standard with adequate protection of personal data.

Now, the question is: is there an international transfer of my personal data? Indeed, this phenomenon is known as cross-border flow, in which personal data travels to a country other than the country of origin of the personal data to be stored in those already known: Data Centers or Data Center, which can be located anywhere in the world. The Data Center is the physical location where the necessary resources of a company or a service provider are concentrated. Cloud Computing to store the information. Much of the data we handle today ends up being stored in these spaces, in what many call "the cloud" as a generic term.

Article 15 of the Personal Data Protection Law, modified by Legislative Decree 1352, establishes that the owner and the person in charge of processing personal data must carry out the cross-border flow only if the recipient country maintains adequate levels of protection. In the event that the receiving country does not have an adequate level of protection, that is, it does not have a personal data protection regulation, the issuer of the flow must guarantee that the processing of personal data is carried out in accordance with the regulations national.

It is very important to determine where the provider stores and manages our information. The recommendation is to host the information in countries that have a secure regulatory framework, such as the United States or the European Union.

Thus, the National Authority for the Protection of Personal Data must be informed by the owner of the personal data bank when hiring a hosting that it is based in another country, since a cross-border flow would be taking place and, therefore, an adequate treatment of the data must be guaranteed, also having the consent of the owner of the data for its transfer.

Finally, the cloud computing It brings us multiple advantages to users when storing information in the cloud, such as the possibility of storing information virtually, the reduction of costs for physical storage, the ease of exchanging information from different parts of the world and from my point of view the most important, its storage system of unlimited capacity.

If the companies that store our personal data do not adequately protect our data, they could expose our information causing irreversible damage. A recent example, what happened between Facebook and Cambridge Analytica could happen again, in which the British consultant manipulated 50 million Facebook users to influence personalized messages during the electoral campaign of the current President of the United States, Donald Trump.

However, there are still many gaps and problems related to the protection of our personal data. The Government will have to adopt more drastic measures and according to the technological developments regarding information and privacy.

An example to adopt, with the new European data protection regulations, Europe and the United States signed the agreement for the safe and efficient transfer of personal data, under the Privacy Shield that supposes a privacy shield between both normative spaces.

According to different surveys by different media, it is speculated that in the short term a specific international regulation for the storage and treatment of data in the cloud will be presented, and in this way, the user will feel more secure and safe unless your information goes to be safe and backed by international regulations.

- Advertising Notice-
Eduardo Linares
Eduardo Linares is a lawyer from the University of Lima, with specialization studies in Legaltech & Startups from the IE Law School (Spain). His professional training is focused on consulting on Personal Data Protection, New Technologies and Startups. Currently, he is responsible for the Corporate Governance & Compliance area of ​​the international firm Ontier Peru. He has been Director General of Athina Magazine, and is currently an extraordinary member of the Athina Iuris Civil Association.


1,204Happy fans
es Spanish