Making Cloud SLAs readily usable in the EU private sector
CSP allowing Data Access for Law Enforcement
This use case is from an SME CSP that is quite advanced and knowledgeable about data access requests by authorities, and it is good to consider the do's and don’ts. Most CSPs do not know what to do if access to data is requested from a government authority and may give the government authority the wrong access without assessing such request. Generally, the scope of the formal requests to obtain access is too broad instead of a detailed scope, because the authority does not yet exactly know what kind of data they need to know. However, fishing by the government authorities is not allowed. CSPs needs to check the scope of the request to access and should provide as little information and access as possible, keeping in mind the contractual, ethical and trust relationship they have with their CSC. A CSC expect a CSP to stand up for the rights of the CSC. Furthermore, if a CSP gives access within the scope then it should not affect more data protection infringements than the strictly necessary. Any CSC, SMEs included, should request a detailed data access policy of the CSP itself with the processes and consequences.