Academia.eduAcademia.edu

Outline

Title
Abstract
Introduction
Proposal for Eu Data Protection Regulation
Conclusions
References
All Topics
Law
Jurisprudence

Application of Data Protection Concepts to Cloud Computing

Profile image of Denitza ToptchiyskaDenitza Toptchiyska

Abstract

The fast technological development and growing use of cloud computing services require implementation of effective legal infrastructure in order to deal with the privacy and data security implications that are raised.

Related papers

A cloudy future for data protection: an investigation into the data protection regulation in cloud computing settings
Denitsa Hazarbassanova
View PDFchevron_right
The European Strategy for Cloud Computing Harmonization of Technical and Legal Rules
Vincenzo Ambriola

2014

Cloud computing is an emerging technology that aims to reduce the cost of software services and resources. The basic idea is to move computational power and data storage from the client to the server, thus improving quality of service, enhancing safety levels, and allowing a better allocation of resources. The widespread diffusion of Internet and the rapid acceleration of the use of smart mobile devices have shown that cloud computing solutions are not only possible but somehow inevitable. In this new scenario the European Union has developed a strategy for adopting cloud computing and exploiting its potential. In this paper we present the theme that characterizes this strategy: harmonization of technical and legal rules. The focus on legal rules is of paramount importance for the profound impact that cloud computing can have on our society. We will discuss the following aspects related to data stored in the cloud: access and integrity, property, storage and transfer. Particular attention will be devoted to the adoption of cloud computing in the public administration.

View PDFchevron_right
Privacy Regulations for Cloud Computing
Thenmozhi Tandabany

homepage.tudelft.nl

View PDFchevron_right
Judicial Frameworks and Privacy Issues of Cloud Computing
Pritesh Patil

2013

Cloud Computing a leading and getting widely adopted technology in industry, unveils some unprecedented challenges to security of company’s resources such as capital and knowledge based assets. Hither to no much attention has been paid by the governments and there is neither any universal standard adopted, nor any breakthrough to take up these challenges. Traditional contracts and licensing agreements may not provide adequate legal resources and remedies normally associated with the layers of protection for corporations. Intellectual Property, Foreign Direct Investments (FDI) and corporate governance issues have to be fully explored and practiced in domestic and international markets. So this paper discusses the need of establishment of Law and judicial framework of policies to the services embedding cloud computing technology, besides this it also addresses legal issues and existing policies adopted by different countries.

View PDFchevron_right
CLOUD COMPUTING AND PRIVACY REGULATIONS: AN EXPLORATORY STUDY ON ISSUES AND IMPLICATIONS
Tgk Vasista

Considerable amount of cloud computing technology is already being used and developed in various flavors. Cloud Computing affects people, process and technology of the enterprise. In spite of having benefits with Cloud computing paradigm such as efficiency, flexibility, easy set up and overall reduction in IT cost , cloud computing paradigm could raise privacy and confidentiality risks. "Not all types of cloud computing raise the same privacy and confidentiality risks. Some believe that much of the computing activity occurring today entirely on computers owned and controlled locally by users will shift to the cloud in the future" . In Cloud computing, users connect to the CLOUD, which appears as a single entity as opposed to the traditional way of connecting to multiple servers located on company premises. Public Private Partnership these days is a usually adopted pattern of governance to meet the diverse needs of their citizens with confidence and providing quality of these services. Cloud Computing Technology can also act as a facilitator between public and private partnership. In such cases there is a possibility that an external party can be involved in providing Cloud Services having partial control over the data storage, processing and transmission of data and privacy regulations become relevant . Cloud computing has significant implications for the privacy of personal information as well as for the confidentiality of business and governmental information. A survey by EDUCAUSE involving 372 of its member institutions revealed that a great proportion of the respondents with use cases that involved cloud-based services reported that data privacy risks and data security risks were among their top barriers to overcome . A principal goal of this paper is to identify privacy and confidentiality issue that may be of interest and concern to cloud computing participants and users . Thus this paper explores to elicit possible issues and regulations in the area of privacy that affect the implementation of Cloud Computing Technologies.

View PDFchevron_right
Privacy Regulations for Cloud Computing: Compliance and Implementation in Theory and Practice
Yves Poullet

Computers, Privacy and Data Protection: an Element of Choice, 2011

View PDFchevron_right
Cloud Computing Environment-Legal Obstacles
Sumeet Vinchurkar

As today's world deals with the moving and handling of the big data, and securing such data through legal implication is important. Cloud means providing services on large volumes that can migrate through national borders. As the legal issues are the uncertain as it varies different for different localities, business and technologies. This paper deals with the legal issues to provide privacy to data in cloud environment and suggest the integrated solution certainty and clarity to the legal uncertainties pertaining to data.

View PDFchevron_right
The Problem of 'Personal Data' in Cloud Computing - What Information is Regulated? The Cloud of Unknowing, Part 1
Christopher Millard

SSRN Electronic Journal, 2000

† Cloud computing service providers, even those based outside Europe, may become subject to the EU Data Protection Directive's extensive and complex regime purely through their customers' choices, of which they may have no knowledge or control.

View PDFchevron_right
Who Controls the Cloud?
Ronald Leenes

2010

This article addresses some of the data protection issues at stake in cloud computing: more specifically the question of responsibility regarding personal data processing in cloud computing scenarios from an EU perspective. How are the different schemes to be assessed in light of Directive EU/95/46? And are the notions of data controller, data processor, and data subject, as defined in this Directive, still useful? The conclusion of this analysis is that cloud computing scenarios have to be assessed on an individual basis and that the protection the Directive offers to data subjects is often unsatisfactory.

View PDFchevron_right
A Comprehensive Review on Ethical Considerations in Cloud Computing-Privacy, Data Sovereignty and Compliance
Ankur Mahida

Journal of artificial intelligence & cloud computing, 2022

View PDFchevron_right

References (35)

  1. UN, Information Economy Report 2013, The Cloud Economy and Developing Countries available at http://unctad.org/en/PublicationsLibrary/ier2013_en.pdf (accessed 25.04.2014)
  2. Gasser U. (2014), Cloud Innovation and the Law: Issues, Approaches, and Interplay, Berkman Center, online at Series: http://cyber.law.harvard.edu/research/cloudcomputing (accessed 25.04.2014)
  3. European Commission (EC), "Unleashing the Potential of the Cloud in Europe," COM(2012) 529, Brussels, 27.9.2012
  4. Directive 95/46/EC of the European Parliament and of the Council of 24 October 1995 on the protection of individuals with regard to the processing of personal data and on the free movement of such data, OJ L 281, 23.11.1995
  5. Article 29 Data Protection Working Party, Opinion 1/2010 on the concepts of "controller" and "processor" -WP 169 (16.02.2010)
  6. Robinson N., Graux H., Botterman M., and Valeri L. (2009), Review of the European Data Protection Directive online at http://www.hideproject.org/downloads/references/review_of_eu_dp_directive.pdf (accessed 25.04.2014)
  7. Article 29 Data Protection Working Party, Opinion 1/2010 on the concepts of "controller" and "processor" -WP 169 (16.02.2010)
  8. Art. 2 (d) of Directive 95/46/EC of the European Parliament and of the Council of 24 October 1995 on the protection of individuals with regard to the processing of personal data and on the free movement of such data, OJ L 281, 23.11.1995
  9. Art. 2 (e) of Directive 95/46/EC of the European Parliament and of the Council of 24 October 1995 on the protection of individuals with regard to the processing of personal data and on the free movement of such data, OJ L 281, 23.11.1995
  10. Art. 30 of Directive 95/46/EC of the European Parliament and of the Council of 24 October 1995 on the protection of individuals with regard to the processing of personal data and on the free movement of such data, OJ L 281, 23.11.1995
  11. Article 29 Data Protection Working Party, Opinion 10/2006 on the processing of personal data by the Society for Worldwide Interbank Financial Telecommunication (SWIFT), WP128 (November 22, 2006)
  12. Article 29 Data Protection Working Party, Opinion 10/2006 on the processing of personal data by the Society for Worldwide Interbank Financial Telecommunication (SWIFT), WP128 (November 22, 2006), p. 11
  13. Article 29 Data Protection Working Party, Opinion 10/2006 on the processing of personal data by the Society for Worldwide Interbank Financial Telecommunication (SWIFT), WP128 (November 22, 2006), p. 12
  14. Article 29 Data Protection Working Party, Opinion 1/2010 on the concepts of "controller" and "processor" -WP 169 (16.02.2010)
  15. Art. 2 (d), sent. 2 of Directive 95/46/EC of the European Parliament and of the Council of 24 October 1995 on the protection of individuals with regard to the processing of personal data and on the free movement of such data, OJ L 281, 23.11.1995
  16. Art. 17 (3) of Directive 95/46/EC of the European Parliament and of the Council of 24 October 1995 on the protection of individuals with regard to the processing of personal data and on the free movement of such data, OJ L 281, 23.11.1995
  17. Article 29 Data Protection Working Party, Opinion 05/2012 on Cloud Computing, WP 196 (July 1, 2012)
  18. Irion K. and Luchetta G.,(2013) Online personal data processing and EU data protection reform online at http://www.ceps.eu/book/online-personal-data-processing-and- eu-data-protection-reform (accessed 25.04.2014), p. 46
  19. Commission Decision of 5 February 2010 on standard contractual clauses for the transfer of personal data to processors established in third countries under Directive 95/46/EC of the European Parliament and of the Council (notified under document C(2010)593)
  20. Article 29 Data Protection Working Party, Ref. Ares(2014)1033670 -02/04/2014, online at http://ec.europa.eu/justice/data-protection/article-29/documentation/other- document/files/2014/20140402_microsoft.pdf (accessed 09.05.2014)
  21. Harrison J.,EU Data Protection Authorities Endorse Microsoft's Cloud Computing Agreement, online at https://www.scl.org/site.aspx?i=ed36831 (accessed 09.05.2014)
  22. EC, "Proposal for a Regulation of the European Parliament and of the Council on the protection of individuals with regard to the processing of personal data and on the free movement of such data (General Data Protection Regulation," Brussels 25.1.2012, COM(2011) 11 final
  23. European Parliament legislative resolution of 12 March 2014 on the proposal for a regulation of the European Parliament and of the Council on the protection of individuals with regard to the processing of personal data and on the free movement of such data (General Data Protection Regulation) (COM(2012)0011 -C7-0025/2012 - 2012/0011(COD)) (Ordinary legislative procedure: first reading)
  24. EC, "Proposal for a Regulation of the European Parliament and of the Council on the protection of individuals with regard to the processing of personal data and on the free movement of such data (General Data Protection Regulation," Brussels 25.1.2012, COM(2011) 11 final, art. 3
  25. EC, "Proposal for a Regulation of the European Parliament and of the Council on the protection of individuals with regard to the processing of personal data and on the free movement of such data (General Data Protection Regulation," Brussels 25.1.2012, COM(2011) 11 final, Recital 15
  26. Opinion of the European Data Protection Supervisor on the Commission's Communication on "Unleashing the potential of Cloud Computing in Europe" (16.11.2012)
  27. OECD Guidelines on the Protection of Privacy and Transborder Flows of Personal Data (OECD, 1980 as revised in 2013), art. 1(a)
  28. OECD Guidelines on the Protection of Privacy and Transborder Flows of Personal Data (OECD, 1980 as revised in 2013), par. 16
  29. Schwartz P.(2013), Information Privacy in the Cloud online at http://scholarship.law.berkeley.edu/facpubs/1906/ (accessed 25.04.2014)
  30. Sotto L., Treacy B., and McLellan M. (2010), Privacy and Data Security Risks in Cloud Computing online at http://www.hunton.com/files/Publication/4845e31f-63d8-4f9a- 9a36-a074e4170225/Presentation/PublicationAttachment/6f52b2fd-2973-48cc-9f23- c941f1e19358/Privacy-Data_Security_Risks_in_Cloud_Computing_2.10.pdf (accessed 25.04.2014)
  31. 2000/520/EC: Commission Decision of 26 July 2000 pursuant to Directive 95/46/EC of the European Parliament and of the Council on the adequacy of the protection provided by the safe harbour privacy principles and related frequently asked questions issued by the US Department of Commerce
  32. 2000/520/EC: Commission Decision of 26 July 2000 pursuant to Directive 95/46/EC of the European Parliament and of the Council on the adequacy of the protection provided by the safe harbour privacy principles and related frequently asked questions issued by the US Department of Commerce
  33. 2000/520/EC: Commission Decision of 26 July 2000 pursuant to Directive 95/46/EC of the European Parliament and of the Council on the adequacy of the protection provided by the safe harbour privacy principles and related frequently asked questions issued by the US Department of Commerce
  34. Kuner Ch. (2008), Membership of the US Safe Harbor Program by Data Processors online at http://www.huntonfiles.com/files/webupload/CIPL_Safe_Harbor_3.08.pdf (accessed 25.04.2014)
  35. APEC Privacy Framework (APEC, 2004)

Related papers

Keeping Up with the Clouds - Revealing the Discrepancy between the Realities of Cloud Technology and European Data Protection Law
Emerald de Leeuw

Data protection concerns have been identified as one of the most serious barriers for the deployment and development of cloud computing. 1 There is a general lack of regulation and policy on a European (EU) level. The Data Protection Directive (DPD) is currently under revision and will be replaced with a regulation in the near future.

View PDFchevron_right
Regulatory Impact of Data Protection and Privacy in the Cloud
Sakshi Porwal

IFIP Advances in Information and Communication Technology, 2011

The use of cloud computing services has developed into a new method for deploying software and services and hosting data. The model has provided enormous social and economic benefits but at the same time it has also created potential privacy and security challenges for businesses, individuals and the governments. For example, the use of shared compute environment, data storage and access via internet has made information vulnerable to misuse, and thus, has made privacy a major concern for organisations adopting cloud services for storage and computation purpose. Generally, each country maintains their own laws and regulations to prevent frauds and protect their citizens from harm, including the potential dangers of data privacy, essential when internet and related technologies are involved. The European Union, for example, follows the overarching governmental regulations while the United States prefers the Sectoral Approach to Data Protection legislation, which relies on the combination of legislation, regulation and self regulation. This report discusses data protection issues related to cloud computing and identifies privacy laws enforced in the EU that can be applied to this model. Moreover, it also provides recommendations that cloud service providers can consider to implement in order to provide enhancements to their services and to demonstrate that they have taken all necessary measures to comply with the data protection principals in place.

View PDFchevron_right
Regulation and Protection of Cloud Computing: Literature Review Perspective
Maskun Maskun

Jambura Law Review, 2021

Cloud computing is one of the developments of the internet of things. It cansay that it is a new industry in era revolution 4.0. particular to store data,including customer data privacy. The research aims to determine someregulations and protection of cloud computing at either international ornational levels. The research methods are normative legal research whichapplies some regulations both international and national legalinstruments. The research results show that some internationalinstruments can be seen in general and specific international instruments.The general instruments are such as the Universal Declaration of HumanRights 1948 (UDHR) and International Covenant on Civil and PoliticalRights 1996; the specific instruments are such as OECD GuidelinesGoverning the Protection of Privacy and Transborder Flows of PersonalData, 1980, Council of Europe Convention for the Protection of Individualsconcerning the Processing of Personal Data, 1981, and United NationGeneral Assembly Res...

View PDFchevron_right
Data Protection and Cloud Computing: A Need for Adequate Regulation
Adam Assahli

This paper explores whether current EU data protection legislation is adequate to tackle the issues presented by cloud computing and the transfer of data by such means.

View PDFchevron_right
Impact of EU Data Protection Laws on Cloud Computing
Morgan Eldred

Delivery and Adoption of Cloud Computing Services in Contemporary Organizations

The global nature of cloud computing has resulted in emerging challenges, such as clashes between legal systems, cultural differences, and business practice norms: cloud-computing is at the forefront of recognising, and “smoothing over,” emergent differences between nation states as we move towards a more globally connected world. This chapter uses the emergent differences over regulation governing data protection; as the world becomes more interconnected, we are likely to see more examples of technology practices and models sweeping around the globe, and raising further areas for clashes between nations and regions, much like the fault lines between tectonic plates. This chapter provides contribution by capturing some emergent “fault lines” in an in-depth case study comparing the evolving EU directives covering data protection and how they relate to non-EU data protection legal systems. This provides the foundations to consider cloud-computing challenges, inform policymakers in mea...

View PDFchevron_right

Related topics

  • Legal Theory
  • Legal Philosophy
    • 580 California St., Suite 400
    San Francisco, CA, 94104
    © 2025 Academia. All rights reserved