WHAT IS THE CPC NETWORK?
Following the advancement of European data protection legislation with the entering into force of the GDPR, the elimination of geo-blocking, and the establishment of the ePrivacy framework and the new Electronic Communications Code, it may be expected that businesses, regulators, individuals, and advisors will enter a new era of treating data flows and data protection.
Having considered these trends, EuroCloud established a network of independent lawyers and IT specialists with the aim of analysing and guiding the practical impact of this evolution of European practice in applying the various regulations relating to data, and especially to personal data.
As a result, the CPC Network was founded by EuroCloud Europe in 2015 with the main focus of identifying simplified solutions for dealing with data in a cloud environment and making them available to the public. The CPC is a trusted, not-for-profit international network of qualified legal and IT professionals who deliver simplified and straight-forward guidance to help navigate the legal and regulatory environment relating to privacy and the cloud. This is done through collective know-how, research and market analysis gained from pan-European industry activity, collaboration and experience. The mission is to provide authoritative views, information and practical solutions to two principal stakeholders: industry professionals and public authorities.
Over the past years, the CPC Network has compiled and released more than 200 short treatises dedicated to improving understanding of legal and practical aspects of data, technology, and the relation between them. In addition, the CPC Network has launched the Internet platform www.cloudprivacycheck.eu, as part of eurocloud.org an independent web resource dedicated to another way of optimizing the time of all people involved with data protection—namely to understanding data transfers in the cloud in four simple and easily identifiable steps. The above material has attracted several hundred thousand readers from all over the world.
The CPC Network’s plan for 2019 is to further elaborate on certain practical aspects of data protection. A CPC group tentatively entitled “Joint Controllers and Processors as per the GDPR” is in the process of drafting materials covering case studies in various industries as well as some thoughts on how to treat different business flows from a data protection perspective.
The main idea of this group is to identify and explain various issues caused by the assignment of roles in a data processing relationship with multiple participants. In its preliminary studies, the group has come to the conclusion that a unified approach cannot be adopted and that each such relationship must be dealt with on an individual basis.
The group is seeking appropriate mechanisms to propose the compilation of guidance documents to make it easier for companies to settle their role assignments when dealing with a controller-processor or joint controller relationship.
A second CPC-Sub-group of EuroCloud Europe will undertake to create a European database of data-breach-related DPA decisions and court judgments. The CPC Network intends to gather information on the volume, type and business sectors of occurring data breaches as well as the regulatory response to data breach notifications, and to draft a relevant report. Furthermore, to the extent it is possible, the CPC Network will undertake to create a concise database of data-breach-related DPA decisions and court judgments.
Dr. Tobias Höllwarth (EuroCloud Europe)
Vienna, 21th of January 2019