SaaS Agreements – Data Protection – Which law applies?

UK SaaS suppliers who provide cloud computing services to SaaS customers located outside of the UK are increasingly being required to comply not just with UK data protection law, but also the data protection laws of the countries in which the SaaS customer and its clients are based. This increasingly creates problems for SaaS suppliers, as data protection laws generally assume that data is stored/processed in one place. However when operating in the cloud data is often moved between jurisdictions and often it may be unclear exactly where data is being stored or processed and who is storing and processing it.

Two recent cases against Facebook and Google show the extent of this developing problem.

Continue reading

SaaS Agreements – Data Protection – Microsoft must disclose data on EU server

Many SaaS customers falsely believe that if their SaaS data is stored in a data centre located in the EU it will be protected against disclosure to the US authorities. This is incorrect. The recent US court ruling against Microsoft has confirmed the position, namely that SaaS suppliers and SaaS customers who use data centres located in the EU, owned by US companies, cannot prevent US authorities from accessing their data.

Continue reading

SaaS Agreements – FAQs – Prism

In light of recent and ongoing “prism” revelations, SaaS suppliers are having to deal with numerous queries about the safety of SaaS customer data. Many customers mistakenly believe that by using a non-US data centre their SaaS customer data is safe against disclosure to the US authorities. Below is a summary of the most common concerns being raised by SaaS customers.

Continue reading