Abstract
This paper is concerned with accountability in cloud ecosystems. The separation between data and data subjects as well as the exchange of data between cloud consumers and providers increases the complexity of data governance in cloud ecosystems, a problem which is exacerbated by emerging threats and vulnerabilities. This paper discusses how accountability addresses emerging issues and legal perspectives in cloud ecosystems. In particular, it introduces an accountability model tailored to the cloud. It presents on-going work within the Cloud Accountability Project, highlighting both legal and technical aspects of accountability.
Notes
1. Under Article 29 of the Data Protection Directive, a Working Party on the Protection of Individuals with regard to the Processing of Personal Data is established, made up of the Data Protection Commissioners from the Member States together with a representative of the European Commission. The Working Party is independent and acts in an advisory capacity. The Working Party seeks to harmonize the application of data protection rules throughout the EU, and publishes opinions and recommendations on various data protection topics.
Acknowledgments
This work has been partly funded by the European Commission’s Seventh Framework Programme (FP7/2007-2013) under grant agreement no. 317550 (A4CLOUD – http://www.a4cloud.eu/), the Cloud Accountability Project. Figure 2, Threats in a Cloud Ecosystem, is taken from a presentation by Siani Pearson. Figure 4, Example of data flows in a cloud ecosystem, is based on an original by Karin Bernsmed. We would also like to thank our partners within the Cloud Accountability Project for their contributions to the accountability conceptual framework: Daniele Catteddu, Giles Hogben, Amy Holcroft, Theofrastos Koulouris, Ronald Leenes, Christopher Millard, Maartje Niezen, David Nuñez, Nick Papanikolaou, Siani Pearson, Daniel Pradelles, Chris Reed, Chunming Rong, Jean-Claude Royer, Dimitra Stefanatou, Vasilis Tountopoulos, Tomasz Wiktor Wlodarczyk.
Copyright information
© 2013 Springer-Verlag Berlin Heidelberg
About this paper
Cite this paper
Felici, M., Jaatun, M.G., Kosta, E., Wainwright, N. (2013). Bringing Accountability to the Cloud: Addressing Emerging Threats and Legal Perspectives. In: Felici, M. (eds) Cyber Security and Privacy. CSP 2013. Communications in Computer and Information Science, vol 182. Springer, Berlin, Heidelberg. https://doi.org/10.1007/978-3-642-41205-9_3
DOI: https://doi.org/10.1007/978-3-642-41205-9_3
Publisher Name: Springer, Berlin, Heidelberg
Print ISBN: 978-3-642-41204-2
Online ISBN: 978-3-642-41205-9
eBook Packages: Computer Science (R0)