Privacy Level Agreement

Meeting Minutes 23 April 2024+Reminder of Tomnorrow's Call

  • 1.  Meeting Minutes 23 April 2024+Reminder of Tomnorrow's Call

    Posted May 08, 2024 10:07:00 AM
    Edited by Marina Bregkou May 08, 2024 10:08:12 AM

    Dear members,

    Below you can find the minutes from our resumed working group call on the 23rd of April.

    The team discussed the adoption of the European Cloud Code of Conduct by CSA and the potential distribution of this working group to other groups, that might have a privacy focus. A second option was 
    creating a mapping document between the CSA Code of Conduct and new EU code of conduct to ease the  transition for the organizations that had originally implemented the CSA CoC.

    Implementing CSA Code of Conduct Transition
    Two main activities for the group, were proposed: one that could be started immediately and another more general one. The first activity is to implement the transition from the CSA Code of Conduct to the European Cloud Code of Conduct. The second activity, still in the planning stage, is to establish a PLA working group to serve as a shared resource for other groups requiring data protection expertise. Paolo suggested creating a privacy report to showcase the group's work, which would need to be experimentally evaluated for feasibility. The group agreed to proceed with the first activity and to consider the second one based on future workload and needs.

    Code of Conduct Controls and Gaps Discussion
    Martim presented a plan to list all code of conduct controls in one column, followed by a column for working group members to identify scope and gaps. This approach was to be the same as the CCPA mapping. Mark discussed the potential of using this method to identify how many organizations might benefit from the new scope. Louis found value in finding gaps and mapping.

    Balancing Privacy and EU Code Adoption
    Louis expressed concerns about the team losing focus on privacy matters. He emphasized that privacy is a crucial aspect of governance and that the team has members with expertise in this area. Louis suggested that the team should continue to prioritize privacy issues while also contributing to other teams, especially those dealing with legislation. He highlighted the importance of balancing tasks to avoid overloading the team.

    Working Group's Shift to Privacy Focus
    The group agreed that the current mapping of the CSA code and the EU one should be the final mapping activity. After this exercise, the group plans to concentrate on broader privacy topics across CSA's various working groups.

    Next steps:
    Martim, Isabella, and Jacopo will set up a comparison table for this mapping, assigning specific controls to individuals. It will be a comparison table between the CSA Code of Conduct controls and the European Cloud Code of Conduct. The group will then review the initial findings, similar to previous mapping efforts.

    Next working group call:
    Date: Thursday, 9 May
    Time: 08:00 a.m PDT / 11:00 a.m. EDT / 15:00 GMT
    URL: (Meeting ID:
    829 8738 2695, Passcode: 794440)

    Kind regards,

    Marina Bregkou,
    Senior Research Analyst,