Learning Lessons from Cloud Investigations in Europe: Bargaining Enforcement and Multiple Centers of Regulation in Data Protection

29 Pages. Posted: 27 Jan 2016. Last revised: 13 Jan 2017.

Date Written: November 30, 2015

Abstract

The race is on for businesses and consumers to join the cloud. From increased efficiency to low operational costs to scalability, reasons abound as to why we are adopting cloud solutions. However, unleashing the potential of cloud ecosystems for companies and individuals has not been without difficulties. Industry research has highlighted that data protection and privacy concerns, in particular, can often be one of the main inhibitors to the widespread adoption of cloud-based systems. Lately, some US-based cloud companies have been required to comply with European data protection laws through the regulatory process of investigation by European data protection authorities (“Cloud Investigations”).

In this article, I analyze selected empirical findings from my recent qualitative socio-legal research project where I have examined the investigations of cloud providers by European data protection authorities (“EU DPAs”) to reflect on the roles of data protection laws during such investigations.

I advance two arguments. Firstly, a decentralized perspective on Cloud Investigations sheds a more comprehensive light on the roles of data protection laws during Cloud Investigations without assuming a priori that such laws have a privileged and static role in the regulatory process.

Secondly, and relatedly, I argue that by “cutting off the King’s head”, we can understand more fully the dynamic and context-dependent roles of data protection laws during Cloud Investigations. From time to time, law can be deployed to achieve the aims of the law-makers or enforcers. At other times, law can also be used as bargaining chips by EU DPAs and Cloud Providers to obstruct or facilitate the negotiations during Cloud Investigations. At other times still, law can often retreat from the field of action as other actors carry out the “act of government” to determine if and to what extent Cloud Providers are “accountable in reality.”

Keywords: cloud computing, data protection, European data protection, privacy, European data protection authorities, investigations

Suggested Citation

Vranaki, Asma A.I., Learning Lessons from Cloud Investigations in Europe: Bargaining Enforcement and Multiple Centers of Regulation in Data Protection (November 30, 2015). Journal of Law, Technology and Policy, No. 2, 2016, Available at SSRN: https://ssrn.com/abstract=2697171 or http://dx.doi.org/10.2139/ssrn.2697171

Asma A.I. Vranaki (Contact Author)

University of Bristol

Wills Memorial Building
Queen's Road Clifton
Bristol BS8 1RJ
United Kingdom
