EU Privacy and the Cloud: Consent and Jurisdiction Under the Proposed Regulation

12 BNA Privacy and Security Law Report 718 (04/29/2013)

UC Berkeley Public Law Research Paper No. 2290299

3 Pages Posted: 6 Jul 2013

See all articles by Paul M. Schwartz

Paul M. Schwartz

University of California, Berkeley - School of Law

Date Written: April 1, 2013

Abstract

The cloud is a business sector in which U.S. companies lead the world in new products and services. The market for cloud computing is already a multibillion-dollar international market. Forrester Research Inc. has predicted a growth in the size of this market from $40.7 billion in 2011 to more than $241 billion in 2020.

Due to the international dimensions of cloud computing, regulations outside of the United States are now as important as those inside it. The European Union is the most important bilateral trade area for the United States, and its proposed data protection regulation is of profound significance for U.S. companies that offer cloud services. As the European Commission notes, concerns about data protection constitute "one of the most serious barriers to cloud computing take-up." It calls for "a chain of confidence-building steps to create trust in cloud solutions."

One of the most important of these steps is the Proposed Data Protection Regulation. U.S. cloud services should take particular note of two areas of the Proposed Regulation. The first concerns its limitations on the use of an individual’s consent to permit data processing. The second is how it crafts a broad jurisdictional reach for EU information privacy law.

This Essay argues that the Proposed Data Protection Regulation drastically narrows the conditions for reliance on the use of "consent" mechanisms as a justification for data processing. The Proposed Regulation also extends EU privacy jurisdiction beyond the existing framework. This Essay analyzes the resulting strict "fair information practices" regarding consent in EU information privacy law. It also proposes adjustments to the proposed jurisdictional approach for EU privacy law.

Keywords: information privacy law, data protection, data privacy, European Union law

JEL Classification: F10, K00

Suggested Citation

Schwartz, Paul M., EU Privacy and the Cloud: Consent and Jurisdiction Under the Proposed Regulation (April 1, 2013). 12 BNA Privacy and Security Law Report 718 (04/29/2013), UC Berkeley Public Law Research Paper No. 2290299, Available at SSRN: https://ssrn.com/abstract=2290299

Paul M. Schwartz (Contact Author)

University of California, Berkeley - School of Law ( email )

Boalt Hall #7200
Berkeley, CA 94720-7200
United States

Do you have a job opening that you would like to promote on SSRN?

Paper statistics

Downloads
308
Abstract Views
1,526
rank
115,128
PlumX Metrics