(Il Sole 24 Ore Radiocor) – The application or not of the American Cloud Act to the companies that will deal with the so-called “State Cloud” is one of the issues to be solved in view of the launch of the national strategy on the cloud. The goal is to prevent giants like Google or Microsoft from being forced by the 2018 American law to lift the veil, in some exceptional cases, on the data stored on their servers.
Contrary to those who believe that a diplomatic agreement between Italy and the USA is fundamental (see the jurist Innocenzo Genna on DigitEconomy of 9 September), Massimiliano Masnada, responsible partner of the Privacy and Cybersecurity team of Hogan Lovells in Italy, who assists important cloud computing providers American and international, explains that technical safeguards and guarantees in contracts are enough. “There are first of all – Masnada explains to DigitEconomy.24 (report of the Sole 24 Ore and the Luiss Business School – two main problems: we need to guarantee the security of the Italian cloud and there is the need to protect the data of citizens with respect to a possible further unauthorized transmission activity to third parties. At this point we must ask ourselves: is the Italian cloud able to guarantee the same high security standards as the large international providers? “
Loading…
Global cyber attacks rise by 12% in 2020
The data on cyber attacks, continues the lawyer, are emblematic on this front and show the importance of defending the security of Italians. «In 2020, globally, according to Clusit, (the Italian association for information security) the increase in cyber attacks globally was equal to 12% compared to the previous year. Recently there was the emblematic case of the Lazio Region where, for having left an open program, the data of citizens were stolen ”. From the point of view of safety, in short, «those who guarantee the most protection are those who have acquired enormous experience in this activity. In practice, excellence cannot be sought only in the Italian territory if this excellence is not easily traceable “.
Giving the entire management of the cloud to a US multinational can create problems
The solution? “Giving the entire management of the cloud to an American multinational can create both legal and political problems. In this sense, the intervention of Minister Colao at the Cernobbio meeting was very clear. Instead, it is necessary to reserve the management to a large national entity, accompanying it with supply agreements or partnerships with large providers that can make their great experience and skills available to the Italian provider. To avoid the international scalability of Italian data, adequate safeguards can be set up both from a technical point of view, such as cryptographic keys, and from a contractual point of view, thus obtaining the guarantee that the data will not be further transferred “.
Existing laws are sufficient
In essence, the laws that exist, such as, for example, “the provisions of the EU regulation number 679 of 2016 on the subject of data transfer outside the EU are sufficient in themselves, but at the regulatory level it is possible to create additional frameworks that prevent the accessibility by third parties “. The Cloud Act, the law clarifies, “applies to American providers and, in general, to operators subject to the jurisdiction of the United States who keep data from whoever they come from within their cloud. When cloud and warehouse data are created outside the US jurisdiction, the application of the Cloud Act is already protected. Let’s take an example: if I buy an Italian machine that has components supplied by a foreign group, the management of the components that are part of the machine and of the data is, in general, the prerogative of the manufacturer only and not also of the supplier. The management of the cloud as a whole as well as of the cryptographic keys can be managed from Italy even if provided by a foreign provider. This does not mean that the provider has free access to the data ».