Cloud Computing and Privacy

Cloud computing is a service that is offered by service providers and allows for large amounts of information to be stored in virtual servers.  These organizations are referred to as Cloud Computing Service Providers (collectively “CCSPs”) and operate within the “cloud.”  They are able to operate on a global scale, which makes their activities subject to international laws and places their users at the risk of loss of privacy.

What steps have been taken to protect user data?

In general, users of cloud computing relinquish their data, which may include confidential information, in order to store large amounts of information. Thus, CCSPs must be careful to protect privacy according to industry standards. The failure to establish proper safeguards may result in legal action by private individuals or governmental agencies (e.g., Federal Trade Commission). However, due to the security risk that users face by storing their data, governments have taken active roles in protecting against information loss. For example, the European Commission has instituted a Data Protection Directive.  The purpose of this directive is to to give citizens control over of their personal data and to simplify the regulatory environment for business.

How can international cooperation occur to ensure protection?

The idea that individual states should dictate regulations over CCSPs is unrealistic.  The vast amount of inconsistencies found in regulations would call for costly and inefficient control. Nations would potentially compete to become the most restrictive forces, which would create issues for regulatory measures. In reality, cooperation would be more effective if international organizations like the European Union or World Trade Organization (WTO) could join forces and organize a cohesive set of regulations. The “cloud” can then exist as a space that can be evaluated by organizations in order to protect users across the board. Another method is the use of international organization reports with application to modern-day cloud computing. For example, the UN International Covenant on Civil and Political Rights could be utilized in terms of protecting personal information. This form of safeguard can protect privacy while dealing with terrorism, however, the basis of protecting individuals’ privacy remains the same when dealing with cloud computing.

What are some constraints on international cloud computing regulations?

With the rapid growth of cloud computing and the race to apply regulations internationally, constraints do exist, given the different abilities of states. With a program like the European Union Data Protection Directive, protections might be unfairly distributed. Provisions exist about additional protections being provided if data is transferred outside of the European Union. In this way, it is possible that CCSPs existing within the European Union territories are given an advantage over ones located in the United States or other non-European nations.  Although, the WTO’s General Agreement on Trade in Services (GATS) aims to protect against unfairness, the agreement is subject to exceptions. In addition, no international organization has come into existence that works specifically to protect cloud computing activities. In a landscape where the nature of CCSPs is changing, and cyber activity increasing, it may become difficult for international organizations to handle regulations regarding cloud computing on their own. A cyber-activity centered international body of regulation would perhaps provide a more cohesive way to protect users from loss of privacy.

At our law firm, we assist clients with legal issues related to cloud computing and privacy. You may contact us to set up an initial consultation.