The Problem of 'Personal Data' in Cloud Computing - What Information is Regulated? The Cloud of Unknowing, Part 1


W. Kuan Hon


Queen Mary University of London, School of Law - Centre for Commercial Law Studies

Christopher Millard


Queen Mary University of London, School of Law - Centre for Commercial Law Studies; Oxford Internet Institute

Ian Walden


Queen Mary University of London, School of Law

March 10, 2011

International Data Privacy Law (2011) 1 (4): 211-228
Queen Mary School of Law Legal Studies Research Paper No. 75/2011

Abstract:
Cloud computing service providers, even those based outside Europe, may become subject to the EU Data Protection Directive's extensive and complex regime purely through their customers' choices, of which they may have no knowledge or control. We consider the definition and application of the EU 'personal data' concept in the context of anonymisation/pseudonymisation, encryption and data fragmentation in cloud computing, arguing that the definition should be based on the realistic risk of identification, and that the applicability of data protection rules should be based on the risk of harm and its likely severity. In particular, the status of encryption and anonymisation/pseudonymisation procedures should be clarified to promote their use as privacy-enhancing techniques; data encrypted and secured to recognised standards should not be considered 'personal data' in the hands of those without access to the decryption key, such as many cloud computing providers; and finally, unlike, for example, social networking sites, Infrastructure as a Service and Platform as a Service providers (and certain Software as a Service providers) offer no more than utility infrastructure services, and may not even know if information processed using their services is 'personal data' (hence, the 'cloud of unknowing'), so it seems inappropriate for such cloud infrastructure providers to become arbitrarily subject to EU data protection regulation due to their customers' choices.

Number of Pages in PDF File: 47

Keywords: Cloud Computing, Data Privacy, Data Protection, EU, European Union, Internet, Legal Issues, Outsourcing, Personal Data, Personal Identifying Information, Privacy

JEL Classification: K2, K20

Accepted Paper Series



Date posted: March 15, 2011; Last revised: March 11, 2014

Suggested Citation

Hon, W. Kuan and Millard, Christopher and Walden, Ian, The Problem of 'Personal Data' in Cloud Computing - What Information is Regulated? The Cloud of Unknowing, Part 1 (March 10, 2011). International Data Privacy Law (2011) 1 (4): 211-228; Queen Mary School of Law Legal Studies Research Paper No. 75/2011. Available at SSRN: http://ssrn.com/abstract=1783577 or http://dx.doi.org/10.2139/ssrn.1783577

Contact Information

W. Kuan Hon (Contact Author)
Queen Mary University of London, School of Law - Centre for Commercial Law Studies
London
United Kingdom
HOME PAGE: http://www.law.qmul.ac.uk/people/academic/hon.html

Christopher Millard
Queen Mary University of London, School of Law - Centre for Commercial Law Studies
67-69 Lincoln's Inn Fields
London, EC2A 3JB
United Kingdom
HOME PAGE: http://www.law.qmul.ac.uk/staff/millard.html
Oxford Internet Institute
1 St Giles
Oxford, OX1 3JS
United Kingdom
HOME PAGE: http://www.oii.ox.ac.uk/

Ian Walden
Queen Mary University of London, School of Law
Mile End Road
London, London E1 4NS
United Kingdom


Paper statistics
Abstract Views: 8,415
Downloads: 2,377
Download Rank: 2,563
Citations:  2
Footnotes:  215
