In June 2012, the CNIL issued practical recommendations for French organizations, in particular SMEs, which consider using Cloud computing services. The CNIL also suggested some model contractual clauses, which can be included in Cloud service agreements. A year later, the CNIL reminds organizations the key steps to guarantee confidentiality of personal in the Cloud.
Since 1 January 2013, providers making massive international data transfers on-behalf of their clients can implement “BCR for processors”. This new tool is aimed at framing data transferred within the group of a provider acting as a processor in the context of contracts of services entered into with its clients acting as controllers.
At the end of January 2013, representatives of the Article 29 Working Party (hereinafter WP29), and of the Asia-Pacific Economic Cooperation (hereinafter APEC), have met for the first time in Jakarta in order to develop a tool that would allow to govern data flows between Europe and the Asia-Pacific area.