Skip to main content
SpringerLink
Log in

Legal Aspects of Data Protection in Cloud Federations

  • Chapter
  • First Online:
Security, Privacy and Trust in Cloud Systems

Abstract

Cloud Computing offers on-demand access to computational, infrastructure, and data resources operated from a remote source. It also moves functions and responsibilities away from local ownership and raises several legal issues, such as data protection. In this chapter, we investigate Cloud architectural views defined by international organizations, and reveal common usage patterns in Cloud federations where legal problems may arise.

This is a preview of subscription content, log in via an institution to check access.

Access this chapter

Log in via an institution
Chapter
USD 29.95
Price excludes VAT (USA)
  • Available as PDF
  • Read on any device
  • Instant download
  • Own it forever
eBook
USD 84.99
Price excludes VAT (USA)
  • Available as EPUB and PDF
  • Read on any device
  • Instant download
  • Own it forever
Hardcover Book
USD 109.99
Price excludes VAT (USA)
  • Durable hardcover edition
  • Dispatched in 3 to 5 business days
  • Free shipping worldwide - see info

Tax calculation will be finalised at checkout

Purchases are for personal use only

Institutional subscriptions

References

  1. 4CaaSt EU FP7 project website (2012). Available at http://4caast.morfeo-project.org

  2. Amazon Web Services (2012). Available at http://aws.amazon.com/

  3. Birnhack MD (2008) The EU data protection directive: an engine of a global regime. Tel Aviv University Law Faculty Papers, no 95, Tel Aviv University Law School

    Google Scholar 

  4. Buyya R, Yeo CS, Venugopal S, Broberg J, Brandic I (2009) Cloud computing and emerging it platforms: vision, hype, and reality for delivering computing as the 5th utility. Future Gener Comput Syst 25(6):599–616

    Article  Google Scholar 

  5. Bygrave LA (2000) European data protection. Determining applicable law pursuant to European data protection legislation. Comput Law Secur Rep 16(4):252–257

    Article  Google Scholar 

  6. Catteddu D, Hogben G (2009a) Cloud computing risk assessment: benefits, risks and recommendations for information security, ENISA report. Available at http://www.enisa.europa.eu/act/rm/files/deliverables/cloud-computing-risk-assessment/at_download/fullReport

  7. Catteddu D, Hogben G (2009b) An SME perspective on cloud computing. Cloud computing–SME survey, ENISA report. Available at http://www.enisa.europa.eu/act/rm/files/deliver-ables/cloud-computing-sme-survey/at_download/fullReport

  8. Cloud Computing Use Case Discussion Group (2009). Availble at http://www.scribd.com/doc/179-29394/Cloud-Computing-Use-Cases-Whitepaper

  9. COM (2012a) 09 final, Communication from the commission to the European Parliament, the Council, the European Economic and Social Committee and the Committee of the Regions Safeguarding Privacy in a connected world a European data protection framework for the 21st Century, 25/01/2012

    Google Scholar 

  10. COM (2012b) 10 final, Proposal for a directive of the European Parliament and of the council on the protection of individuals with regard to the processing of personal data by competent authorities for the purposes of prevention, investigation, detection or prosecution of criminal offences or the execution of criminal penalties, and the free movement of such data, 25/01/2012

    Google Scholar 

  11. COM (2012c) 11 final, Proposal for a regulation of the European Parliament and of the council on the protection of individuals with regard to the processing of personal data and on the free movement of such data (general data protection regulation). Brussels 25(01):2012

    Google Scholar 

  12. Communication from the Commission to the European Parliament (2011) The council, the European economic and social committee and the committee of the regions a digital agenda for Europe, COM (2010) 0245 final

    Google Scholar 

  13. Communication from the Commission to the European Parliament, the Council, the European Economic and Social Committee and the Committee of the Regions Unleashing the Potential of Cloud Computing in Europe, COM (2012) 529 final, Brussels, 27.9.2012

    Google Scholar 

  14. Council of the European Union (2012) Data Protection package, report on progress achieved under the Cyprus presidency, 16525/1/12 REV 1, 3rd Dec 2012

    Google Scholar 

  15. Data Protection Working Party (2010a) Opinion 1/2010 on the concepts of “controller” and “processor”. Ref WP 169. Available at http://ec.europa.eu/justice/policies/privacy/docs/wp-docs/2010/wp169_en.pdf

  16. Data Protection Working Party (2010b) Opinion 8/2010 on applicable law. Ref WP 179. Available at http://ec.europa.eu/justice/policies/privacy/docs/wp-docs/2010/wp179_en.pdf

  17. Decision Commission, no. 2000/520/EC of 26 July, (2000) pursuant to Directive 95/46/EC of the European Parliament and of the Council on the adequacy of the protection provided by the safe harbour privacy principles and related frequently asked questions issued by the US Department of Commerce. Official J L 215:7–47

    Google Scholar 

  18. Decision of the EEA Joint Committee (2000) No. 83/1999 of 25 June 1999 amending Protocol 37 and Annex XI (Telecommunication services) to the EEA Agreement, Official J 296:41, Nov 2000

    Google Scholar 

  19. U.S. Department of Justice website (2012). Available at http://www.justice.gov/opcl/privacyactoverview2012/1974intro.htm

  20. Directive 95/46/EC of the European Parliament and of the Council of 24 October 1995 on the protection of individuals with regard to the processing of personal data and on the free movement of such data, Official J L 281:31–50, Nov 1995

    Google Scholar 

  21. DMTF white paper no. DSP-IS0101 (2009) Interoperable clouds, a white paper from the open cloud standards incubator 1.0. Available at http://www.dmtf.org/sites/default/files/standards/documents/DSP-IS0101_1.0.0.pdf

  22. Draft opinion of the Committee on the Internal Market and Consumer Protection (IMCO) (2012) For the Committee on Civil Liberties, Justice and Home Affairs on the proposal for a regulation of the European Parliament and of the Council on the protection of individuals with regard to the processing of personal data and on the free movement of such data (General Data Protection Regulation) (COM(2012) 0011–C7-0025/2012 - 2012/0011(COD)) Rapporteur: Lara Comi, 25.9.2012

    Google Scholar 

  23. Draft opinion of the of the Committee on Legal Affairs (JURI) for the Committee on Civil Liberties, Justice and Home Affairs on the proposal for a regulation of the European Parliament and of the Council on the protection of individuals with regard to the processing of personal data and on the free movement of such data (COM(2012) 0011–C7-0025/2012 - 2012/0011(COD)) Marielle Gallo, Rapporteure (18.10.2012)

    Google Scholar 

  24. eBay Inc website (2012). Available at http://www.ebay.com/

  25. EC Press release (2012) Commission proposes a comprehensive reform of data protection rules to increase users’ control of their data and to cut costs for businesses, European Commission, IP/12/46, 25/01/2012. available at europa.eu/rapid/pressReleasesAction.do?reference=IP/12/46

    Google Scholar 

  26. European Commission (2011) Information society and media directorate-general, converged networks and services, software and service architectures and infrastructures, cloud computing: public consultation report, Brussels, 5th Dec 2011. Available at http://ec.europa.eu/information_society/activities/cloudcomputing/docs/ccconsultationfinalreport.pdf

  27. European Commission (2012) European cloud computing strategy (CCS), 2012. Available at http://ec.europa.eu/information_society/activities/cloudcomputing/cloud_strategy/index_en.htm

  28. Ferrer AJ et al (2012) OPTIMIS: a holistic approach to cloud service provisioning. Future Gener Comput Syst 28:66–77

    Article  Google Scholar 

  29. freedominfo.org (2012) The global network of freedom of information advocates website. Available at http://www.freedominfo.org/regions/east-asia/china/

  30. Gellman R (2009) Privacy in the clouds: risks to privacy and confidentiality from Cloud Computing. World Privacy, Forum, 23 Feb 2009

    Google Scholar 

  31. Google Apps for Business (2012). Available at http://www.google.com/apps

  32. Greenleaf G (2012) Global data privacy laws: 89 Countries, and accelerating, privacy laws and business international report, Issue 115, special supplement, Queen Mary School of Law Legal Studies Research Paper No 98/2012, Feb 2012

    Google Scholar 

  33. Kroes N (2012) Setting up the European cloud partnership, World Economic Forum, Davos, Switzerland, 26th Jan 2012

    Google Scholar 

  34. Liu F, Tong J, Mao J, Bohn RB, Messina JV, Badger ML, Leaf DM (2011) NIST cloud computing reference architecture, NIST Special Publication 500–292. Available at http://www.nist.gov/customcf/get_pdf.cfm?pub_id=909505

  35. Marosi AC, Kecskemeti G, Kertesz A, Kacsuk P (2011) FCM: an architecture for integrating IaaS cloud systems. In: Proceedings of the second international conference on cloud computing, GRIDs, and virtualization (Cloud Computing (2011) IARIA. Rome, Italy, pp 7–12

    Google Scholar 

  36. Mell P, Grance T (2011) The NIST definition of cloud computing, NIST special publication 800–145. Available at http://csrc.nist.gov/publications/nistpubs/800-145/SP800-145.pdf

  37. NextLabs website on Japan data protection (2012). Available at http://www.nextlabs.com/html/?q=japan-data-protection-acts-pipa-pipl

  38. Office of the Austrialian Information Commissioner (OAIC) website (2012). Available at http://www.oaic.gov.au/about/what.html

  39. Office of the Privacy Commissioner of Canada (OPC) website (2012). Available at http://www.priv.gc.ca

  40. OPTIMIS FP7 project deliverable no. D7.2.1.1, Cloud Legal Guidelines (2010). Available at http://www.optimis-project.eu/sites/default/files/D7.2.1.1OPTIMISCloudLegalGuidelines.pdf

  41. Orito Y, Murata K (2005) Privacy protection in Japan: cultural influence on the universal value. In: Electronic proceedings of Ethicomp’05

    Google Scholar 

  42. Public Consultation on Cloud Computing by the European Commission (2011). Available at http://ec.europa.eu/your-voice/ipm/forms/dispatch?form=cloudcomputing&lang=en

  43. Rochwerger B et al. (2009) The reservoir model and architecture for open federated cloud computing. IBM J Res Dev

    Google Scholar 

  44. Safe Harbor website of export.gov. (2012). Available at https://safeharbor.export.gov

  45. Schubert L, Jeffery K (2012) Advances in clouds–research in future cloud computing, report from the cloud computing expert working group meeting. Cordis (Online), BE: European Commission, 2012. Available at http://cordis.europa.eu/fp7/ict/ssai/docs/future-cc-2may-finalreport-experts.pdf

  46. Schubert L, Jeffery K, Neidecker-Lutz B (2010) The future of cloud computing–report from the first cloud computing expert working group meeting. Cordis (Online), BE: European Commission, 2010. Available at http://cordis.europa.eu/fp7/ict/ssai/docs/Cloud-report-final.pdf

  47. Svantesson D, Clarke R (2010) Privacy and consumer risks in cloud computing. Comput Law Secur Rev 26:391–397

    Article  Google Scholar 

  48. Vaquero LM, Rodero-Merino L, Caceres J, Lindner M (2008) A break in the clouds: towards a cloud definition. SIGCOMM Comput Commun Rev 39(1):50–55

    Article  Google Scholar 

  49. What is EU Data Protection Directive 95/46/EC? (2008). Available at http://searchsecurity.techtarget.co.uk/definition/EU-Data-Protection-Directive, http://Whatis.com

  50. Whittaker Z (2011) Safe harbor: why EU data needs ‘protecting’ from US law. Available at http://www.zdnet.com/blog/igeneration/safe-harbor-why-eu-data-needs-protecting-from-us-law/8801

  51. Winton A, Zhang A, Innes-Stubb S, Xu L (2012) Data protection and privacy in China, White and Case Technology Newsflash

    Google Scholar 

  52. Wong R (February 2011) Data protection: the future of privacy. Comput Law Secur Rev 27(1):53–57

    Article  Google Scholar 

  53. Zimory GmbH website (2012). Available at http://www.zimory.com/

Download references

Acknowledgments

The research leading to these results has received funding from the SCI-BUS project of the FP7 Capacities Programme under contract RI-283481.

Author information

Authors and Affiliations

  1. MTA SZTAKI Computer and Automation Research Institute, 63, Budapest, 1518, Hungary

    Attila Kertesz

  2. Department of International and European Law, University of Szeged, Rakoczi ter 1, Szeged, 6722, Hungary

    Szilvia Varadi

Authors
  1. Attila Kertesz
    View author publications

    You can also search for this author in PubMed Google Scholar

  2. Szilvia Varadi
    View author publications

    You can also search for this author in PubMed Google Scholar

Corresponding author

Correspondence to Attila Kertesz .

Editor information

Editors and Affiliations

  1. CSIRO ICT Centre, Marsfield, New South Wales, Australia

    Surya Nepal

  2. Telstra Corporation Limited, Melbourne, Victoria, Australia

    Mukaddim Pathan

Rights and permissions

Reprints and permissions

Copyright information

© 2014 Springer-Verlag Berlin Heidelberg

About this chapter

Cite this chapter

Kertesz, A., Varadi, S. (2014). Legal Aspects of Data Protection in Cloud Federations. In: Nepal, S., Pathan, M. (eds) Security, Privacy and Trust in Cloud Systems. Springer, Berlin, Heidelberg. https://doi.org/10.1007/978-3-642-38586-5_15

Download citation

  • DOI: https://doi.org/10.1007/978-3-642-38586-5_15

  • Published:

  • Publisher Name: Springer, Berlin, Heidelberg

  • Print ISBN: 978-3-642-38585-8

  • Online ISBN: 978-3-642-38586-5

  • eBook Packages: EngineeringEngineering (R0)

Publish with us

Policies and ethics

Search

Navigation