Abstract
Cloud Computing offers on-demand access to computational, infrastructure, and data resources operated from a remote source. It also moves functions and responsibilities away from local ownership and raises several legal issues, such as data protection. In this chapter, we investigate Cloud architectural views defined by international organizations, and reveal common usage patterns in Cloud federations where legal problems may arise.
Access this chapter
Tax calculation will be finalised at checkout
Purchases are for personal use only
References
4CaaSt EU FP7 project website (2012). Available at http://4caast.morfeo-project.org
Amazon Web Services (2012). Available at http://aws.amazon.com/
Birnhack MD (2008) The EU data protection directive: an engine of a global regime. Tel Aviv University Law Faculty Papers, no 95, Tel Aviv University Law School
Buyya R, Yeo CS, Venugopal S, Broberg J, Brandic I (2009) Cloud computing and emerging it platforms: vision, hype, and reality for delivering computing as the 5th utility. Future Gener Comput Syst 25(6):599–616
Bygrave LA (2000) European data protection. Determining applicable law pursuant to European data protection legislation. Comput Law Secur Rep 16(4):252–257
Catteddu D, Hogben G (2009a) Cloud computing risk assessment: benefits, risks and recommendations for information security, ENISA report. Available at http://www.enisa.europa.eu/act/rm/files/deliverables/cloud-computing-risk-assessment/at_download/fullReport
Catteddu D, Hogben G (2009b) An SME perspective on cloud computing. Cloud computing–SME survey, ENISA report. Available at http://www.enisa.europa.eu/act/rm/files/deliver-ables/cloud-computing-sme-survey/at_download/fullReport
Cloud Computing Use Case Discussion Group (2009). Availble at http://www.scribd.com/doc/179-29394/Cloud-Computing-Use-Cases-Whitepaper
COM (2012a) 09 final, Communication from the commission to the European Parliament, the Council, the European Economic and Social Committee and the Committee of the Regions Safeguarding Privacy in a connected world a European data protection framework for the 21st Century, 25/01/2012
COM (2012b) 10 final, Proposal for a directive of the European Parliament and of the council on the protection of individuals with regard to the processing of personal data by competent authorities for the purposes of prevention, investigation, detection or prosecution of criminal offences or the execution of criminal penalties, and the free movement of such data, 25/01/2012
COM (2012c) 11 final, Proposal for a regulation of the European Parliament and of the council on the protection of individuals with regard to the processing of personal data and on the free movement of such data (general data protection regulation). Brussels 25(01):2012
Communication from the Commission to the European Parliament (2011) The council, the European economic and social committee and the committee of the regions a digital agenda for Europe, COM (2010) 0245 final
Communication from the Commission to the European Parliament, the Council, the European Economic and Social Committee and the Committee of the Regions Unleashing the Potential of Cloud Computing in Europe, COM (2012) 529 final, Brussels, 27.9.2012
Council of the European Union (2012) Data Protection package, report on progress achieved under the Cyprus presidency, 16525/1/12 REV 1, 3rd Dec 2012
Data Protection Working Party (2010a) Opinion 1/2010 on the concepts of “controller” and “processor”. Ref WP 169. Available at http://ec.europa.eu/justice/policies/privacy/docs/wp-docs/2010/wp169_en.pdf
Data Protection Working Party (2010b) Opinion 8/2010 on applicable law. Ref WP 179. Available at http://ec.europa.eu/justice/policies/privacy/docs/wp-docs/2010/wp179_en.pdf
Decision Commission, no. 2000/520/EC of 26 July, (2000) pursuant to Directive 95/46/EC of the European Parliament and of the Council on the adequacy of the protection provided by the safe harbour privacy principles and related frequently asked questions issued by the US Department of Commerce. Official J L 215:7–47
Decision of the EEA Joint Committee (2000) No. 83/1999 of 25 June 1999 amending Protocol 37 and Annex XI (Telecommunication services) to the EEA Agreement, Official J 296:41, Nov 2000
U.S. Department of Justice website (2012). Available at http://www.justice.gov/opcl/privacyactoverview2012/1974intro.htm
Directive 95/46/EC of the European Parliament and of the Council of 24 October 1995 on the protection of individuals with regard to the processing of personal data and on the free movement of such data, Official J L 281:31–50, Nov 1995
DMTF white paper no. DSP-IS0101 (2009) Interoperable clouds, a white paper from the open cloud standards incubator 1.0. Available at http://www.dmtf.org/sites/default/files/standards/documents/DSP-IS0101_1.0.0.pdf
Draft opinion of the Committee on the Internal Market and Consumer Protection (IMCO) (2012) For the Committee on Civil Liberties, Justice and Home Affairs on the proposal for a regulation of the European Parliament and of the Council on the protection of individuals with regard to the processing of personal data and on the free movement of such data (General Data Protection Regulation) (COM(2012) 0011–C7-0025/2012 - 2012/0011(COD)) Rapporteur: Lara Comi, 25.9.2012
Draft opinion of the of the Committee on Legal Affairs (JURI) for the Committee on Civil Liberties, Justice and Home Affairs on the proposal for a regulation of the European Parliament and of the Council on the protection of individuals with regard to the processing of personal data and on the free movement of such data (COM(2012) 0011–C7-0025/2012 - 2012/0011(COD)) Marielle Gallo, Rapporteure (18.10.2012)
eBay Inc website (2012). Available at http://www.ebay.com/
EC Press release (2012) Commission proposes a comprehensive reform of data protection rules to increase users’ control of their data and to cut costs for businesses, European Commission, IP/12/46, 25/01/2012. available at europa.eu/rapid/pressReleasesAction.do?reference=IP/12/46
European Commission (2011) Information society and media directorate-general, converged networks and services, software and service architectures and infrastructures, cloud computing: public consultation report, Brussels, 5th Dec 2011. Available at http://ec.europa.eu/information_society/activities/cloudcomputing/docs/ccconsultationfinalreport.pdf
European Commission (2012) European cloud computing strategy (CCS), 2012. Available at http://ec.europa.eu/information_society/activities/cloudcomputing/cloud_strategy/index_en.htm
Ferrer AJ et al (2012) OPTIMIS: a holistic approach to cloud service provisioning. Future Gener Comput Syst 28:66–77
freedominfo.org (2012) The global network of freedom of information advocates website. Available at http://www.freedominfo.org/regions/east-asia/china/
Gellman R (2009) Privacy in the clouds: risks to privacy and confidentiality from Cloud Computing. World Privacy, Forum, 23 Feb 2009
Google Apps for Business (2012). Available at http://www.google.com/apps
Greenleaf G (2012) Global data privacy laws: 89 Countries, and accelerating, privacy laws and business international report, Issue 115, special supplement, Queen Mary School of Law Legal Studies Research Paper No 98/2012, Feb 2012
Kroes N (2012) Setting up the European cloud partnership, World Economic Forum, Davos, Switzerland, 26th Jan 2012
Liu F, Tong J, Mao J, Bohn RB, Messina JV, Badger ML, Leaf DM (2011) NIST cloud computing reference architecture, NIST Special Publication 500–292. Available at http://www.nist.gov/customcf/get_pdf.cfm?pub_id=909505
Marosi AC, Kecskemeti G, Kertesz A, Kacsuk P (2011) FCM: an architecture for integrating IaaS cloud systems. In: Proceedings of the second international conference on cloud computing, GRIDs, and virtualization (Cloud Computing (2011) IARIA. Rome, Italy, pp 7–12
Mell P, Grance T (2011) The NIST definition of cloud computing, NIST special publication 800–145. Available at http://csrc.nist.gov/publications/nistpubs/800-145/SP800-145.pdf
NextLabs website on Japan data protection (2012). Available at http://www.nextlabs.com/html/?q=japan-data-protection-acts-pipa-pipl
Office of the Austrialian Information Commissioner (OAIC) website (2012). Available at http://www.oaic.gov.au/about/what.html
Office of the Privacy Commissioner of Canada (OPC) website (2012). Available at http://www.priv.gc.ca
OPTIMIS FP7 project deliverable no. D7.2.1.1, Cloud Legal Guidelines (2010). Available at http://www.optimis-project.eu/sites/default/files/D7.2.1.1OPTIMISCloudLegalGuidelines.pdf
Orito Y, Murata K (2005) Privacy protection in Japan: cultural influence on the universal value. In: Electronic proceedings of Ethicomp’05
Public Consultation on Cloud Computing by the European Commission (2011). Available at http://ec.europa.eu/your-voice/ipm/forms/dispatch?form=cloudcomputing&lang=en
Rochwerger B et al. (2009) The reservoir model and architecture for open federated cloud computing. IBM J Res Dev
Safe Harbor website of export.gov. (2012). Available at https://safeharbor.export.gov
Schubert L, Jeffery K (2012) Advances in clouds–research in future cloud computing, report from the cloud computing expert working group meeting. Cordis (Online), BE: European Commission, 2012. Available at http://cordis.europa.eu/fp7/ict/ssai/docs/future-cc-2may-finalreport-experts.pdf
Schubert L, Jeffery K, Neidecker-Lutz B (2010) The future of cloud computing–report from the first cloud computing expert working group meeting. Cordis (Online), BE: European Commission, 2010. Available at http://cordis.europa.eu/fp7/ict/ssai/docs/Cloud-report-final.pdf
Svantesson D, Clarke R (2010) Privacy and consumer risks in cloud computing. Comput Law Secur Rev 26:391–397
Vaquero LM, Rodero-Merino L, Caceres J, Lindner M (2008) A break in the clouds: towards a cloud definition. SIGCOMM Comput Commun Rev 39(1):50–55
What is EU Data Protection Directive 95/46/EC? (2008). Available at http://searchsecurity.techtarget.co.uk/definition/EU-Data-Protection-Directive, http://Whatis.com
Whittaker Z (2011) Safe harbor: why EU data needs ‘protecting’ from US law. Available at http://www.zdnet.com/blog/igeneration/safe-harbor-why-eu-data-needs-protecting-from-us-law/8801
Winton A, Zhang A, Innes-Stubb S, Xu L (2012) Data protection and privacy in China, White and Case Technology Newsflash
Wong R (February 2011) Data protection: the future of privacy. Comput Law Secur Rev 27(1):53–57
Zimory GmbH website (2012). Available at http://www.zimory.com/
Acknowledgments
The research leading to these results has received funding from the SCI-BUS project of the FP7 Capacities Programme under contract RI-283481.
Author information
Authors and Affiliations
Corresponding author
Editor information
Editors and Affiliations
Rights and permissions
Copyright information
© 2014 Springer-Verlag Berlin Heidelberg
About this chapter
Cite this chapter
Kertesz, A., Varadi, S. (2014). Legal Aspects of Data Protection in Cloud Federations. In: Nepal, S., Pathan, M. (eds) Security, Privacy and Trust in Cloud Systems. Springer, Berlin, Heidelberg. https://doi.org/10.1007/978-3-642-38586-5_15
Download citation
DOI: https://doi.org/10.1007/978-3-642-38586-5_15
Published:
Publisher Name: Springer, Berlin, Heidelberg
Print ISBN: 978-3-642-38585-8
Online ISBN: 978-3-642-38586-5
eBook Packages: EngineeringEngineering (R0)