Nota bene: the development of the Data Protection Code of Conduct for Cloud Service Providers should be regarded as work-in-progress and this version of the document may still undergo further changes. The C-SIG should consider the WP29's opinion published in October 2015 and integrate the WP29's recommendations into a final version of the Code.
The C-SIG sub-group on the Data Protection Code of conduct was set up in April 2013 and the working group is joint chaired by DG Connect and DG Justice.
The draft Code of conduct focuses strongly on improving transparency and facilitating the understanding by cloud customers of data protection issues and of how they are addressed by the cloud service providers. The Code of conduct on Data Protection for Cloud Service Providers was submitted to the Article 29 Data Protection Working Party (WP29) for their opinion on behalf of the C-SIG on 19 January 2015, pursuant to articles 27 and 30 of the Data Protection Directive (95/46/EC).
Codes of Conduct are explicitly recognised and encouraged in the General Data Protection Regulation, as they complement the implementation of the law by providing guidance and clarity to providers and users alike. These instruments, like to the Code of conduct for cloud service providers, are flexible and are regarded as particularly appropriate for new technologies such as cloud services because of the various challenges arising from the rapidly changing nature of the technology and the services provided on the basis of those technologies.