Data Protection and Data Security Issues Related to Cloud Computing in the EU
We are in the midst of a revolution within computing. It goes under the name of cloud computing. Analysts estimate that in 2012, the size of the enterprise cloud-computing business may reach $60 billion to $80 billion – or about 10% of the global IT-service and enterprise-software market [DeSa09]. Such inevitable revolution brings about a lot of benefits but also several legal concerns. It has emerged from a recent study that security, privacy and legal matters represent the main obstacles that are encountered when implementing cloud computing, because the market provides only marginal assurance. This paper briefly describes the main legal issues related to cloud computing and then focuses on data protection and data security, which are by far the biggest concerns for both cloud service providers (CSPs) and (potential) customers. I build on the work done last year as contributor to the European Networks and Information Security Agency (ENISA) ’Cloud Computing Risk Assessment’ to further analyse data protection and data security issues. It is worth clarifying that the present paper analyses cloud computing services offered by CSPs to businesses (as opposed to consumers), i.e., B2B cloud computing.
KeywordsCloud Computing Personal Data Data Protection Data Security Cloud Provider
Unable to display preview. Download preview PDF.
- Mell, Peter & Grace, Tim: The NIST Definition of Cloud Computing. National Institute of Standards and Technology, 2009, available at: http://csrc.nist.gov/groups/SNS/cloudcomputing/cloud-def-v15.doc.
- Dean, David & Saleh, Tamim: Capturing the Value of Cloud Computing. How Enterprises Can Chart Their Course to the Next Level. The Boston Consulting Group, 2009, p. 1, available at: www.bcg.com/documents/file34246.pdf.
- Chung, Mike & Hermans, John: From Hype to Future. KPMG’s 2010 Cloud Computing Survey. KPMG, 2010, pp. 8 and 28, available at: www.kpmg.nl/Docs/Corporate_Site/Publicaties/From_Hype_to_Future.pdf.
- Balboni, Paolo, Mccorry, Kieran & Snead, David: Cloud Computing – Key Legal Issues. In: Cloud Computing Risk Assessment. European Networks and Information Security Agency (ENISA), 2009, p. 97 – 111, available at: http://www.enisa.europa.eu/act/rm/files/deliverables/cloud-computing-risk-assessment/at_download/fullReport.
- Poullet, Yves, Van Gyseghem, Jean-Marc, Gérard, Jacques, Gayrel, Claire & Moiny, Jean-Philippe: Cloud Computing and Its Implications on Data Protection. Council of Europe, 2010, available at: http://www.coe.int/t/dghl/cooperation/economiccrime/cybercrime/Documents/Reports-Presentations/2079_reps_IF10_yvespoullet1b.pdf.
- Hustinx, Peter: Data Protection and Cloud Computing under EU Law. European Data Protection Supervisor, Third European Cyber Security Awareness Day, BSA, European Parliament, 13 April 2010, available at: http://www.edps.europa.eu/EDPSWEB/webdav/site/mySite/shared/Documents/EDPS/Publications/Speeches/2010/10-0413_Speech_Cloud_Computing_EN.pdf.
- Article 29 Data Protection Working Party: Opinion 1/2010 on the Concepts of “Controller” and “Processor”. Article 29 Data Protection Working Party, 2010, available at: http://ec.europa.eu/justice_home/fsj/privacy/docs/wpdocs/2010/wp169_en.pdf.
- Article 29 Data Protection Working Party: Work programme 2010 – 2011. Article 29 Data Protection Working Party, 2010, available at: ec.europa.eu/justice_home/fsj/privacy/docs/wpdocs/2010/wp170_en.pdf.Google Scholar
- Unabhängiges Landeszentrum für Datenschutz Schleswig-Holstein: Cloud Computing und Datenschutz. Unabhängiges Landeszentrum für Datenschutz Schleswig-Holstein, 2010, available at: https://www.datenschutzzentrum.de/cloud-computing.