Abstract

http://ssrn.com/abstract=2290303
 


 



Information Privacy in the Cloud


Paul M. Schwartz


University of California, Berkeley - School of Law

May 1, 2013

University of Pennsylvania Law Review, Vol. 161, No. 1623 (2013)
UC Berkeley Public Law Research Paper No. 2290303

Abstract:     
Cloud computing is the locating of computing resources on the Internet in a fashion that makes them highly dynamic and scalable. This kind of distributed computing environment can quickly expand to handle a greater system load or take on new tasks. Cloud computing thereby permits dramatic flexibility in processing decisions – and on a global basis. The rise of the cloud has also significantly challenged established legal paradigms. This Article analyzes current shortcomings of information privacy law in the context of the cloud. It also develops normative proposals to allow the cloud to become a central part of the evolving Internet. These proposals rest on strong and effective protections for information privacy that are sensitive to technological changes.

This Article examines three areas of change in personal data processing due to the cloud. The first area of change concerns the nature of information processing at companies. For many organizations, data transmissions are no longer point-to-point transactions within one country; they are now increasingly international in nature. As a result of this development, the legal distinction between national and international data processing is less meaningful than in the past. Computing activities now shift from country to country depending on load capacity, time of day, and a variety of other concerns. The jurisdictional concepts of EU law do not fit well with these changes in the scale and nature of international data processing.

A second legal issue concerns the multi-directional nature of modern data flows, which occur today as a networked series of processes made to deliver a business result. Due to this development, established concepts of privacy law, such as the definition of “personal information” and the meaning of “automated processing” have become problematic. There is also no international harmonization of these concepts. As a result, European Union and U.S. officials may differ on whether certain activities in the cloud implicate privacy law.

A final change relates to a shift to a process-oriented management approach. Users no longer need to own technology, whether software or hardware, that is placed in the cloud. Rather, different parties in the cloud can contribute inputs and outputs and execute other kinds of actions. In short, technology has provided new answers to a question that Ronald Coase first posed in “The Nature of the Firm.” New technologies and accompanying business models now allow firms to approach “make or buy” decisions in innovative ways. Yet, privacy law’s approach to liability for privacy violations and data losses in the new “make or buy” world of the cloud may not create adequate incentives for the multiple parties who handle personal data.

Number of Pages in PDF File: 40

Keywords: information privacy, data protection, European Union

JEL Classification: F10, K00

Accepted Paper Series





Download This Paper

Date posted: July 8, 2013  

Suggested Citation

Schwartz, Paul M., Information Privacy in the Cloud (May 1, 2013). University of Pennsylvania Law Review, Vol. 161, No. 1623 (2013); UC Berkeley Public Law Research Paper No. 2290303. Available at SSRN: http://ssrn.com/abstract=2290303

Contact Information

Paul M. Schwartz (Contact Author)
University of California, Berkeley - School of Law ( email )
Boalt Hall #7200
Berkeley, CA 94720-7200
United States
Feedback to SSRN


Paper statistics
Abstract Views: 1,593
Downloads: 378
Download Rank: 43,920

© 2014 Social Science Electronic Publishing, Inc. All Rights Reserved.  FAQ   Terms of Use   Privacy Policy   Copyright   Contact Us
This page was processed by apollo4 in 0.360 seconds