I hope all those who like to imbibe on the cloudy-flavoured Kool-aid have been following the news on the Euro-US 'Safe Harbour' agreement, are aware it has now been ruled invalid, and have considered the implications for your fluffy accounts.
I'm probably going to oversimplify here, but in summary:
Safe Harbour (or according to the Overpuddlians, Safe Harbor) is an agreement in place (since around 2000?) because the US doesn't have strong data protection rules in place like we do in Euroland. Its purpose is to ensure any data held by Overpuddlian companies on Europeans is protected as though it were held in Europe, by a European company.
It's been under a microscope for a couple of years as a result of some of the Snowden revelations, which led to an Austrian chap raising a complaint about Facebook with the Irish data protection bods, and from there it was kicked up to the European Court of Justice.
And the ECJ has ruled it invalid.
When it comes to accounting and bookkeeping: Your clients might be limited companies, but it's not just their data you are storing in an accounts package, it's also data on suppliers and customers (any of whom might be individuals and sole traders, with the latter having the same protections as the former) and employees (who by definition are individuals).
So, where is your cloudy accounts provider based? Where are their data centres?
If the answer is Overpuddle, you may be doing so based on a US-Euro legal agreement to protect that data that has been found to do anything but, meaning the data on any individuals and sole traders stored in your clients' accounts has never been fully protected in law as it should be.
__________________
Vince M Hudd - Soft Rock Software
(I only came here looking for fellow apiarists...)
Very interesting piece of news, Vince. I don't use Cloud software, but as Michelle I do use Dropbox as a backup. Of course both Google Drive and Dropbox are Overpuddlian based! So we could now be working outwith the DPA - would like to see the commentary on this one from the ECJ.
__________________
Joanne
Winner of Bookkeeper of the Year 2015, 2016 & 2017
Thoughts are my own/not to be regarded as official advice, which should be sought from a suitably qualified Accountant.
You should check out answers with reference to the legal position
I've only been following the overall case, so I don't know anything about what specific companies are doing - I can only speculate, as follows:
Since this has been on the cards for a while (the case started a couple of years ago) it's very likely the global megacorps have been planning for either outcome.
That would definitely include Google. I would expect them to have it covered by technical means: I'm sure Google have data centres in Europe (almost certainly Ireland), so compliance for them simply means ensuring their software keeps Euro-data on Euro-soil.
I wouldn't put Dropbox into the global megacorps category as yet - but they're big enough that I would expect them to apply a similar technical solution to Google. In fact, thinking about it now, I'm sure I remember reading that Dropbox actually use Amazon's cloudy stuff for their back-end. And I'm dead certain that Amazon, like Google, have data centres on this side of the puddle - so will probably have employed the same solution as Google.
It'll be ditto for the likes of Facebook, Microsoft, Apple... all the really big names.
It's smaller outfits that are the real concern - and with cloudy accounts being a niche area in the overall field, I'd label most cloudy accounts providers as smaller outfits.
__________________
Vince M Hudd - Soft Rock Software
(I only came here looking for fellow apiarists...)
I saw this on the BBC news website yesterday and did ponder posting something in the Sage One thread (who piggyback on Google). But I felt that I was just picking on one where the issue is far wider.
The issue basically comes down in Europe (where the users are) we have strong data protection legislation. In the US (where the servers are) they have strong freedom of information legislation.
The NSA has been using the US freedom of information legislation to harvest whatever information that they want. As such is it not a case that the people in Europe are the ones liable because it is they who allowed the data to be stored in a less secure environment (America)?
Considering the outcome of this case and the costs involved in building server farms in Europe should this not mean that the cloud is now dead as it's basically illegal to use it if you cannot show that your data is at no risk of being transferred to the US?
__________________
Shaun
Responses are not meant as a substitute for professional advice. Answers are intended as outline only; the advice of a qualified professional with access to all relevant information should be sought before acting on any response given.
Going to be interesting to see how this plays out - some of the cloud companies have US-based data centres, e.g. Xero, whereas others are UK based - FreeAgent. You can usually check on their website in their privacy policy. Looks like Dropbox uses US-based data centres.