IAPP article: Multiparty computation as supplementary measure and potential data anonymization tool


includes some interesting links, such as

CISPE Cloud CoC – CNIL approves two monitoring bodies

On June 3, 2021, the CNIL approved the first European code of conduct, put forward by Cloud Infrastructure Service Providers Europe (CISPE), dedicated to cloud infrastructure service providers (IaaS).

This code of conduct identifies several bodies in charge of monitoring its correct application by members, including the National Metrology and Testing Laboratory (LNE) and Bureau Veritas Italia Spa. After an examination and discussion phase, the CNIL decided to grant these two bodies approval for a period of 5 years, from September 23, 2021 for the first and October 7, 2021 for the second. The CNIL will ensure that these approved organizations comply with the standards it has established.
The verifications carried out by approved organizations such as LNE and Bureau Veritas Italia Spa are completely separate from the verification missions carried out by the CNIL in application of the Data Protection Act.

Each code of conduct provides for penalties where non-compliance is found; for example, this may be public exclusion of the member concerned.


Thread on kuketz-forum on Cloudflare and Privacy Notice

(in context of its use by the RKI – www.rki.de )

With link to an action by the Data Protection Authority in Portugal (CNPD – Deliberação/2021/533) from 27.4.2021:

The RKI has adjusted their privacy notice:

Content Delivery Network
To embed scripts and libraries on this website, we use a so-called Content Delivery Network (CDN) from Cloudflare, Inc., 101 Townsend Street, San Francisco, California 94107, USA (“Cloudflare”). Content delivery networks serve to make the content of this website available to you quickly and in optimized form, and to better defend against attacks such as DDoS attacks. For these purposes, the aforementioned access data is forwarded to the nearest Cloudflare server each time this website is used. If the server location from which the content is provided is in a third country, the aforementioned pseudonymized access data is, to that extent, transferred to that third country.

The data processing is necessary to enable the visit to the website and to ensure the lasting functionality and security of our systems. The legal basis is Art. 6(1) sentence 1 lit. b GDPR. Further information on data processing can be found in the “Cloudflare Privacy Policy”.

France (CNIL/ANS): HDS and AWS

Amazon AWS “Hébergeur de Données de Santé” (HDS) overview at https://aws.amazon.com/compliance/hds/

“To be HDS certified, an IT provider must be ISO 27001 certified. This means that the services covered by our ISO 27001 certification are included in the scope of HDS. The AWS services that are in scope for the ISO/IEC 27001:2013 certification can be found on the ISO Certified webpage.”

“As per the Shared Responsibility Model, AWS’ HDS certification demonstrates the “Security of the Cloud,” enabling customers to focus their resources on items related to “Security in the Cloud” in connection with their HDS certification process.”

HDS details at ANS: https://esante.gouv.fr/labels-certifications/hebergement-des-donnees-de-sante