Some of the world’s largest tech giants — Amazon, Google, Microsoft, IBM, Salesforce/Slack, Atlassian, SAP, and Cisco — have joined forces to establish the Trusted Cloud Principles in what they are claiming is their commitment to protecting the rights of their customers… Some of the specific principles that have been founded by the signatories include governments should seek data directly from enterprise customers first, rather than cloud providers, other than in “exceptional circumstances”; customers should have a right to notice when governments seek to access customer data directly from cloud service providers; and there should be a clear process for cloud providers to challenge government access requests for customers’ data, including notifying relevant data protection authorities, to protect customers’ interests.
Also outlined in the principles is the point that governments should create mechanisms to raise and resolve conflicts with each other such that cloud service providers’ legal compliance in one country does not amount to a violation of law in another; and governments should support cross-border data flows. At the same time, the cloud service providers acknowledge that under the principles they recognise international human rights law enshrines a right to privacy, and the importance of customer trust and customers’ control and security of their data. The signatories also said they commit to supporting laws that allow governments to request data through a transparent process that abides by human right standards; international legal frameworks to resolve conflicting laws related to data access, privacy, and sovereignty; and improved rules and regulations at the national and international levels that protect the safety, privacy, and security of cloud customers and their ownership of data…
The Trusted Cloud Principles come days after a separate data cloud framework was stood up between Amazon Web Services, Google, IBM, Microsoft and other major tech giants, plus the EDM Council, a cross-industry trade association for data management and analytics. Under the Cloud Data Management Capabilities (CDMC) framework there are six components, 14 capabilities, and 37 sub-capabilities that sets out cloud data management capabilities, standards, and best practices for cloud, multi-cloud, and hybrid-cloud implementations while also incorporating automated key controls for protecting sensitive data.