Protecting Their Own: Fundamental Rights Implications for EU Data Sovereignty in the Cloud

Judith Rauhofer

University of Edinburgh - School of Law

Caspar Bowden


June 21, 2013

Edinburgh School of Law Research Paper No. 2013/28

The recent PRISM scandal has illustrated the privacy risks that EU citizens take when their personal information is stored or processed in the cloud. Although EU data protection laws are designed to restrict the private actors handling that data from processing it in a way and for purposes that are unlawful, those laws have no effect on public bodies, including law enforcement and security agencies in third countries whose access to that data may be authorized by the laws of their own countries. This is the case even if such access would violate the individual’s fundamental human rights had it occurred within the EU. This article examines the means by which the existing EU data protection framework restricts the transfer of personal data from the EU to third countries particularly in a cloud context. It analyses whether the European Commission’s proposal for a new Data Protection Regulation in its current form is likely to increase or reduce the protection provided to EU citizens in this regard, and it looks at the potential threat that the laws of third countries may pose to EU citizens’ right to privacy with respect to data uploaded to the cloud. The article assesses, in particular, the laws authorising the US government’s access to personal data held or processed by US cloud providers, focusing specifically on the US Foreign Intelligence Surveillance Act of 1978 (FISA) . It also highlights the lack of equivalent protections currently granted to EU citizens by the US constitution. The article argues that in the light of the clear and present danger that provisions like §1881a of FISA represent to EU citizens’ right to privacy, the EU institutions - as part of their own obligation under the Charter of Fundamental Rights and, in the future, the European Convention on Human Rights must take the appropriate steps to protect their citizens from this kind of interference.

Number of Pages in PDF File: 31

Keywords: PRISM, surveillance, data protection, cloud computing, privacy, ECHR, Fourth Amendment, FISA

Open PDF in Browser Download This Paper

Date posted: June 22, 2013 ; Last revised: July 4, 2013

Suggested Citation

Rauhofer, Judith and Bowden, Caspar, Protecting Their Own: Fundamental Rights Implications for EU Data Sovereignty in the Cloud (June 21, 2013). Edinburgh School of Law Research Paper No. 2013/28. Available at SSRN: http://ssrn.com/abstract=2283175 or http://dx.doi.org/10.2139/ssrn.2283175

Contact Information

Judith Rauhofer (Contact Author)
University of Edinburgh - School of Law ( email )
Old College
South Bridge
Edinburgh, EH8 9YL
United Kingdom

Caspar Bowden
Independent ( email )
Feedback to SSRN

Paper statistics
Abstract Views: 2,432
Downloads: 551
Download Rank: 35,414

© 2016 Social Science Electronic Publishing, Inc. All Rights Reserved.  FAQ   Terms of Use   Privacy Policy   Copyright   Contact Us
This page was processed by apollobot1 in 0.219 seconds