They are probably - in my mind - a data processor. You say the cloud company encrypts the data, therefore they are delivered the data in an unencrypted state. The data controller therefore has disclosed the data to this company - if they are not a data processor then they will a recipient of the data for which you then need to find a Schedule 2 legitimizing basis.
If not a data processor, they might be a data controller (depending on the nature of the cloud service - look for eg at the SWIFT case, not a cloud service, but very much "cloud-like" in issues). (My book discusses this argument at length!).
I think a distinction between data and information is a red-herring and an unnecessary complication under English law which does accurately reflect directive 95/46 (or new draft Regulation!) which is more succinct "personal data is any information [not data as in the UK] relating to an individual".
Renzo Marchini
Counsel
Dechert LLP
+44 (0) 20 7184 7563 direct
+44 (0) 20 7184 7001 fax
[log in to unmask]
www.dechert.com
-----Original Message-----
From: This list is for those interested in Data Protection issues [mailto:[log in to unmask]] On Behalf Of Paul Ticher
Sent: 03 February 2012 10:11
To: [log in to unmask]
Subject: [data-protection] Is there a difference between data and information?
I have been asked whether a cloud service that encrypts data so that the
staff of the service provider cannot under any circumstances encrypt it is a
Data Processor.
They are definitely 'processing', as they are 'holding' the data and
providing backup and restore facilities which are - I assume - 'operations'.
However, the definition of 'data' says that it is 'information which ...' .
If it is irretrievably encrypted, is it information? If not, it can't be
data. Or is it data because the customer can unencrypt it, even thought the
provider cannot?
Someone somewhere must have answered this already. I'm probably tying
myself in a knot unnecessarily because the common-sense answer is that of
course they are a Data Processor.
Paul Ticher
0116 273 8191
www.paulticher.com
22 Stoughton Drive North, Leicester LE5 5UB
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
All archives of messages are stored permanently and are
available to the world wide web community at large at
http://www.jiscmail.ac.uk/lists/data-protection.html
If you wish to leave this list please send the command
leave data-protection to [log in to unmask]
All user commands can be found at http://www.jiscmail.ac.uk/help/commandref.htm
Any queries about sending or receiving messages please send to the list owner
[log in to unmask]
Full help Desk - please email [log in to unmask] describing your needs
To receive these emails in HTML format send the command:
SET data-protection HTML to [log in to unmask]
(all commands go to [log in to unmask] not the list please)
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
This e-mail is from Dechert LLP, a law firm, and may contain information that is confidential or privileged. If you are not the intended recipient, please delete the e-mail and any attachments, and notify the sender. Dechert LLP is a limited liability partnership registered in England & Wales (Registered No. OC306029) and is authorised and regulated by the Solicitors Regulation Authority. A list of names of the members of Dechert LLP (who are solicitors or registered foreign lawyers) is available for inspection at its registered office, 160 Queen Victoria Street, London EC4V 4QQ.
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
All archives of messages are stored permanently and are
available to the world wide web community at large at
http://www.jiscmail.ac.uk/lists/data-protection.html
If you wish to leave this list please send the command
leave data-protection to [log in to unmask]
All user commands can be found at http://www.jiscmail.ac.uk/help/commandref.htm
Any queries about sending or receiving messages please send to the list owner
[log in to unmask]
Full help Desk - please email [log in to unmask] describing your needs
To receive these emails in HTML format send the command:
SET data-protection HTML to [log in to unmask]
(all commands go to [log in to unmask] not the list please)
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
|