CISPE Unveils Cloud Providers Code of Conduct
Time 1 Minute Read
Categories: European Union, International

On September 27, 2016, Cloud Infrastructure Services Providers in Europe (“CISPE”) published its Data Protection Code of Conduct (the “Code”). CISPE, a relatively new coalition of more than 20 cloud infrastructure providers with operations in Europe, has focused the Code on transparency and compliance with EU data protection laws.

Highlights of the code include:

  • a requirement that cloud customers are offered the ability to process and store their data exclusively within the EEA;
  • “Trust Mark” awarded to compliant cloud infrastructure providers, and listing on CISPE website; and
  • a prohibition on the use of customers’ personal data for cloud infrastructure service providers’ own benefit or the sale of such data to third parties.

Currently, cloud infrastructure service providers may demonstrate their compliance with the Code either by certification from independent third-party auditors or by self-certifying compliance. Customers may verify the service provider’s compliance through the CISPE website.

CISPE claims that the Code is based on internationally recognized security standards and is compliant with the requirements of the EU’s General Data Protection Regulation, which comes into force across all EU Member States in May 2018.

Tags: Cloud Computing, Compliance, EU Member States, GDPR, Outsourcing, Personal Data, Service Provider
Print Email Twitter/X Linkedin Facebook

You May Also Be Interested In

Time 3 Minute Read
Connecticut AG Clarifies AI Compliance Obligations Under CTDPA

The Connecticut Attorney General recently issued a legal memorandum regarding the application of existing Connecticut laws, such as the Connecticut Data Privacy Act, to the use of artificial intelligence.

Continue Reading ›
Print Email Twitter/X Linkedin Facebook
Time 6 Minute Read
NetChoice Files Suit Challenging South Carolina Age-Appropriate Code Design

On February 9, 2026, trade association NetChoice filed a lawsuit challenging South Carolina’s newly passed Age-Appropriate Code Design (“SC AACD”) on First and Fourteenth Amendment grounds. The SC AACD was signed into law on February 5, 2026, making South Carolina the fifth U.S. state to enact such a law, following California, Maryland, Nebraska and Vermont.

Continue Reading ›
Print Email Twitter/X Linkedin Facebook
Time 2 Minute Read
Congress Extends Cybersecurity Information Sharing Act of 2015 through September 2026

Congress has extended the Cybersecurity Information Sharing Act of 2015 through September 30, 2026 as part of the Consolidated Appropriations Act, a government funding package enacted in early February 2026.

Continue Reading ›
Print Email Twitter/X Linkedin Facebook
Time 4 Minute Read
Data Privacy Day 2026: CIPL Fireside Chat with CPPA General Counsel Phil Laird

On January 27, 2026, the Centre for Information Policy Leadership hosted a fireside chat with California Privacy Protection Agency General Counsel Phil Laird in honor of Data Privacy Day.

Continue Reading ›
Print Email Twitter/X Linkedin Facebook

Search

Subscribe Arrow

Recent Posts

Categories

Tags

Archives

Jump to Page