From Out-Law.com:
Businesses should be prevented from using model contract clauses and binding corporate rules (BCRs) as mechanisms for processing personal data in the cloud because those arrangements do not prohibit US law enforcement bodies from gaining access to that information, it said.
The report, ordered by the European Parliament’s Committee on Civil Liberties, Justice and Home Affairs (LIBE), said that the EU had created “derogations” from traditional rules governing international transfers of personal data that, in a cloud computing context, could not adequately protect the privacy of that information. It said BCRs and model contract clauses were examples of the ‘derogations’ created and that both are were “equally unsuitable to prevent the use of cloud data for surveillance purposes”.
Read more on Out-Law.com