Abstract

http://ssrn.com/abstract=2042638
 
 

Footnotes (625)



 


 



Information Privacy and Data Control in Cloud Computing: Consumers, Privacy Preferences, and Market Efficiency


Jay P. Kesan


University of Illinois College of Law

Carol M. Hayes


University of Illinois College of Law

Masooda Bashir


University of Illinois at Urbana-Champaign

April 19, 2012

70 Wash. & Lee L. Rev. 341 (2013)
Illinois Program in Law, Behavior and Social Science Paper No. LBSS12-11
Illinois Public Law Research Paper No. 11-20

Abstract:     
So many of our daily activities now take place “in the cloud,” where we use our devices to tap into massive networks that span the globe. Virtually every time that we plug into a new service, the service requires us to click the seemingly ubiquitous box indicating that we have read and agreed to the provider’s terms of service (TOS) and privacy policy. If a user does not click on this box, he is denied access to the service, but agreeing to these terms without reading them can negatively impact the user’s legal rights.

As part of this work, we analyzed and categorized the terms of TOS agreements and privacy policies of several major cloud services to aid in our assessment of the state of user privacy in the cloud. Our empirical analysis showed that providers take similar approaches to user privacy and were consistently more detailed when describing the user’s obligations to the provider than when describing the provider’s obligations to the user. This asymmetry, combined with these terms’ nonnegotiable nature, led us to conclude that the current approach to user privacy in the cloud is in need of serious revision.

In this Article, we suggest adopting a legal regime that requires companies to provide baseline protections for personal information and also to take steps to enhance the parties’ control over their own data. We emphasize the need for a regime that allows for “data control” in the cloud, which we define as consisting of two parts: 1) the ability to withdraw data and require a service provider to stop using or storing the user’s information (data withdrawal); and 2) the ability to move data to a new location without being locked into a particular provider (data mobility). Ultimately, our goal with this piece is to apply established law and privacy theories to services in the cloud and set forth a model for the protection of information privacy that recognizes the importance of informed and empowered users.

Number of Pages in PDF File: 130

working papers series


Download This Paper

Date posted: April 20, 2012 ; Last revised: February 1, 2014

Suggested Citation

Kesan, Jay P. and Hayes, Carol M. and Bashir, Masooda, Information Privacy and Data Control in Cloud Computing: Consumers, Privacy Preferences, and Market Efficiency (April 19, 2012). 70 Wash. & Lee L. Rev. 341 (2013); Illinois Program in Law, Behavior and Social Science Paper No. LBSS12-11; Illinois Public Law Research Paper No. 11-20. Available at SSRN: http://ssrn.com/abstract=2042638 or http://dx.doi.org/10.2139/ssrn.2042638

Contact Information

Jay P. Kesan (Contact Author)
University of Illinois College of Law ( email )
504 E. Pennsylvania Avenue
Champaign, IL 61820
United States
217-333-7887 (Phone)
217-244-1478 (Fax)
HOME PAGE: http://www.jaykesan.com
Carol M. Hayes
University of Illinois College of Law ( email )
504 E. Pennsylvania Avenue
Champaign, IL 61820
United States
Masooda Bashir
University of Illinois at Urbana-Champaign ( email )
601 E John St
Champaign, IL 61820
United States
Feedback to SSRN


Paper statistics
Abstract Views: 1,030
Downloads: 230
Download Rank: 75,683
Footnotes:  625

© 2014 Social Science Electronic Publishing, Inc. All Rights Reserved.  FAQ   Terms of Use   Privacy Policy   Copyright   Contact Us
This page was processed by apollo7 in 0.313 seconds