Abstract

http://ssrn.com/abstract=2424998
 


 



The FTC and Privacy and Security Duties for the Cloud


Daniel J. Solove


George Washington University Law School

Woodrow Hartzog


Samford University - Cumberland School of Law; Stanford Law School Center for Internet and Society

April 14, 2014

13 BNA Privacy & Security Law Report 577 (2014)
GWU Law School Public Law Research Paper No. 2014-28
GWU Legal Studies Research Paper No. 2014-28

Abstract:     
Increasingly, companies, hospitals, schools, and other organizations are using cloud service providers (and also other third party data service providers) to store and process the personal data of their customers, patients, clients, and others. When an entity shares people’s personal data with a cloud service provider, this data is protected in large part through a contract between the organization and the cloud service provider. In many cases, however, these contracts fail to contain key protections of data. Because the consumer is not a direct party to these contracts and often cannot even have access to these contracts, the consumer is often powerless, and the consumer’s interests are often not adequately represented.

In this short essay, we argue that there is a remedy in Section 5 of the Federal Trade Commission (FTC) Act that prohibits unfair and deceptive trade practices. Certain key cases from the emerging body of FTC enforcement actions on data protection issues can be read together to create a double-edged set of duties – both on the organizations contracting with cloud service providers and on the cloud service providers themselves. Not only does an organization owe a duty to consumers to appropriately represent their privacy and data security interests in the negotiation, but cloud service providers have an obligation to the consumer as well, and cannot enter into contracts that lack adequate protections and controls.

Number of Pages in PDF File: 6

Keywords: privacy, data security, cloud, contract, FTC, Federal Trade Commission, consumer protection law

Accepted Paper Series


Download This Paper

Date posted: April 15, 2014 ; Last revised: August 30, 2014

Suggested Citation

Solove, Daniel J. and Hartzog, Woodrow, The FTC and Privacy and Security Duties for the Cloud (April 14, 2014). 13 BNA Privacy & Security Law Report 577 (2014); GWU Law School Public Law Research Paper No. 2014-28; GWU Legal Studies Research Paper No. 2014-28. Available at SSRN: http://ssrn.com/abstract=2424998

Contact Information

Daniel J. Solove (Contact Author)
George Washington University Law School ( email )
2000 H Street, N.W.
Washington, DC 20052
United States
202-994-9514 (Phone)
HOME PAGE: http://www.law.gwu.edu/facweb/dsolove/
Woodrow Hartzog
Samford University - Cumberland School of Law ( email )
800 Lakeshore Dr.
Birmingham, AL 35229
United States
HOME PAGE: http://cumberland.samford.edu/faculty/woodrow-n-hartzog
Stanford Law School Center for Internet and Society ( email )
Palo Alto, CA
United States
HOME PAGE: http://cyberlaw.stanford.edu/profile/woodrow-hartzog
Feedback to SSRN


Paper statistics
Abstract Views: 1,258
Downloads: 235
Download Rank: 75,257

© 2014 Social Science Electronic Publishing, Inc. All Rights Reserved.  FAQ   Terms of Use   Privacy Policy   Copyright   Contact Us
This page was processed by apollo7 in 0.531 seconds