Data Protection Regulation and Cloud Computing
PRIVACY AND LEGAL ISSUES IN CLOUD COMPUTING, Anne S.Y. Cheung and Rolf H. Weber, eds., Edward Elgar Publishing, pp. 26-42, 2015
12 Pages Posted: 28 May 2015
Date Written: August 31, 2014
The benefits of cloud computing make it appealing to a wide range of organizational customers: from small and medium enterprises to non- government organizations, which lack the expertise or resources to manage a complex and costly internal information technology (IT) infrastructure, to large multinational corporations that are attracted by the potential cost savings. However, despite the management and cost advantages of cloud computing, there are a number of information security and privacy protection concerns in particular, when the cloud is used to process or handle personal data. These concerns result from organizational customers’ apparent lack of control over and oversight of the way in which personal data are protected and managed therein.
This chapter covers the issues that organizational customers need to consider if they decide to engage the services of cloud providers. It first outlines the basic data protection principles underpinning the obligations of data users/controllers, and then describes the common data protection concerns that organizations have when engaging outsourcers, of which cloud providers are considered as a special type. Finally, the chapter outlines several characteristics of the business model that many cloud providers adopt and how those characteristics affect the protection of personal data privacy. Throughout the discussion, recommendations from data protection authorities (DPAs) are provided, where applicable.
Keywords: Cloud, data protection, privacy, regulation
Suggested Citation: Suggested Citation