The US Department of Commerce has issued an opinion statement aimed at clarifying how the US-EU Safe Harbor framework for data protection agreements applies to cloud computing services.

According to a White & Black analysis of the statement, the US-EU framework applies to cloud computing but service providers remain obliged to enter into contracts with EU data controllers.

More specifically, the USDOC opinion statement provides responses to the following issues:

• Is the Safe Harbor is limited to US organisations?
• Does the Safe Harbor act as a substitute for failing to comply with an EU Member State’s national law on data protection?
• Does the Safe Harbor guarantee EU data exporters that appropriate security measures have been applied by US cloud providers?