cloud gdpr

Cloud Industry Unites to Create Global Standard for Transfer of Personal Data following ‘Schrems II’ ruling

The creators of the data protection market standard for cloud, the EU Cloud Code of Conduct (CoC), today announced work is underway on a proposed legal solution for the transfer of personal data outside the EU. Once approved by data protection authorities, the solution could be an alternative to the recently annulled EU-U.S. Privacy Shield, previously relied on by thousands of businesses who now face disruption and uncertainty when transferring EU citizens’ data across the Atlantic.

The EU Data Protection Code of Conduct for Cloud Service Providers (“EU Cloud Code of Conduct”) defines clear requirements for Cloud Service Providers acting as “processors” under the General Data Protection Regulation (GDPR) and is adopted broadly by the cloud market. While the official approval of the current Code by the European Data Protection Board (EDPB), comprised of national Data Protection Authorities (DPAs), is pending, the EU Cloud Code of Conduct General Assembly today announced in a virtual press conference the creation of a new module to the Code for transferring personal data outside of the EU.

The announcement comes only weeks after the recent European Court of Justice’s so-called “Schrems II” ruling which invalidated the data exchange mechanism between the US and the EU (Privacy Shield). The ruling also imposed strict obligations on companies that rely on transfers of personal data to non-EU countries by Standard Contractual Clauses.

The EU Cloud CoC General Assembly invites interested Cloud Service Providers (CSPs) and cloud-users to join the initiative and to contribute to the development of the module, thereby shaping the future legal basis to transfer EU citizen’s personal data to third countries around the world.


The EU Cloud CoC is the only Code covering the full spectrum of cloud services (SaaS, PaaS, IaaS) currently discussed at the European Data Protection Board (EDPB), made up of national Data Protection Authorities (DPAs). The EU Cloud CoC General Assembly consists of world-leading (CSPs) as well as small and medium-sized companies.

SCOPE Europe acts as the independent Monitoring Body of the Code and has already prepared its procedures to effectively monitor adherent Cloud services, applying the same principles and procedures now under the current version of the Code, pending the endorsement of the Code and its official approval by supervisory authorities.

Source: EU Cloud CoC

Share on facebook
Share on linkedin
Share on twitter
Share on pinterest
Share on print
Share on email

Latest Blog Posts