Abstract
Cloud computing is taking place against the background of, and further contributes to, the legal complexity of the internet. This situation must be addressed not only in order to reap all cloud computing’s potential benefits, but also because the cloud has become both a source and a target for crime, specifically cybercrime. Consequently, the use of cloud computing draws the attention of law enforcement agencies (LEAs) while affecting rights recognized by the European Charter of Fundamental Rights, such as privacy and data protection. The purpose of this chapter is to analyse the impact on data protection of LEAs’ access to, and use of, data stored in cloud computing services, with a particular focus on the European Union legal framework, and to raise questions on the adequacy of the framework itself. This requires examining the interplay between data protection and cloud computing not only after, but also before the inception of an investigation. The analysis shows that the shortcomings of the data protection legal framework highlighted by cloud computing are a radicalization of existing problems concerning data protection and LEAs. Yet, to provide adequate protection for individuals, various aspects of current data protection laws need to be updated.
This is a preview of subscription content, log in via an institution to check access.
Access this chapter
Tax calculation will be finalised at checkout
Purchases are for personal use only
Notes
- 1.
The political priority in the EU is to “ensure respect for fundamental freedoms and integrity while guaranteeing security”. This should translate into a high level of data protection and privacy, which is overarching in justice, liberty and security and should be adequately protected (ibid.).
- 2.
In particular, privacy “consists in preventing others from interfering with one’s private family and life. In other words, it is a static, negative kind of protection. Conversely data protection sets out the rules on the mechanisms to process data and empowers one to take steps—i.e., it is a dynamic kind of protection, which follows a data in all its movements. […] data protection contributes to the ‘constitutionalisation of the person’ […] can be seen to sum up a bundle of rights that make up citizenship in the new millenium”. As such, LEAs access to the data will have a different impact on the two rights. Because of space constraints, and because of the dynamic nature of cloud computing and the subject analysed, the chapter focuses on data protection only. For an account of the evolution and separation of privacy and data protection, see, inter alia (Rodotà 2009).
- 3.
However, in other countries, notably the US, a right to data protection is still questioned and the notion of privacy is more open-ended (Solove 2007).
- 4.
It is to further the scholarship to research the impact on data protection of LEAs’ requests different from the ones listed.
- 5.
This paper is a condensed version of Sects. 1, 3 and 4 of “Data Protection in the Clouds: Regulatory Challenges,” (Working paper for the Conference (Porcedda and Walden 2011) “Law Enforcement in the Clouds: Regulatory Challenges” Brussels, Belgium, February 24, 2011, available at: http://www.crid.be/cloudcomputing/paper.html), which dealt with European Union-related data protection issues of LEAs’ access to data stored in the cloud. For an excellent account of the “European Union and international legal rules, particularly the Council of Europe Cybercrime Convention (2001), governing the obtaining of data for investigative and subsequent prosecutorial purposes, and how such rules may, and do, interact and potentially conflict with foreign laws and rules [as well as…] some of the forensic challenges addressed all relevant law enforcement issues”, see the Sect. 2 of the same, written by Ian Walden (see also at: http://papers.ssrn.com/sol3/papers.cfm?abstract_id=1781067).
- 6.
Privacy concerns raised by cloud computing are not the object of the analysis here (see fn. 2).
- 7.
“Cloud computing has been talked about, blogged about, written about […] Nevertheless, confusion remains about exactly what it is and when it is useful…” (Armbrust et al. 2009, 3).
- 8.
Especially since the legal problems raised by each kind of computer service might to a certain extent differ.
- 9.
“‘Information power’ (i.e. further growth of automatic data processing) brings with it a corresponding social responsibility of the data users in the private and public sector.” “It is desirable to extend the safeguards for […] the right to the respect for privacy […]” and “it is necessary to reconcile […] the respect for privacy and the free flow of information between peoples […]”.
- 10.
For a detailed analysis of the ECtHR’s case law, see De Hert and Gutwirth (2009).
- 11.
Although I stress again that only the latter is addressed here. “The very essence of the Convention is respect for human dignity and human freedom. Under Article 8 of the Convention in particular, where the notion of personal autonomy is an important principle underlying the interpretation of its guarantees, protection is given to the personal sphere of each individual, including the right to establish details of their identity as individual human beings” (ECtHR, Goodwin v. UK (28957/95), judg. 11.07.2002, par. 90).
- 12.
“[…] The object of the national laws on the processing of personal data is to protect fundamental rights and freedoms, notably the right to privacy, which is recognized both in Article 8 of the European Convention for the Protection of Human Rights and Fundamental Freedoms and in the general principles of Community law; […] for that reason, the approximation of those laws must not result in any lessening of the protection they afford but must, on the contrary, seek to ensure a high level of protection in the Community.”
- 13.
“ […] The principles of the protection of the rights and freedoms of individuals, notably the right to privacy, which are contained in this Directive, give substance to and amplify those contained in the Council of Europe.”
- 14.
Although the scope of the exceptions is not going to be discussed here, it is worth noting that it has already been questioned long ago (Rodotà 1973).
- 15.
It must be pointed out that the question of what constitutes the “core” of data protection has not been closed by Article 8: further principles specify the right to data protection, while others are being questioned, such as consent, which has long been considered a “rubber-stamp” principle (see Rodotà 1973). The discussion on the core of data protection is too wide to be developed here. For an excellent account of principles deriving from Convention 108, see De Busser (2009). For a specific analysis of the principles of data protection affected by the use of cloud computing, in the context of Council of Europe’s Convention 108, see Gayrel et al. (2010). For a more detailed analysis of data protection in the area of Freedom, Security and Justice, see, inter alia, Gutwirth et al. 2009 Reinventing Data Protection? (De Hert et al. 2008; De Busser 2009; Dumortier et al. 2010; Hijmans and Scirocco 2009; Rodotà 1973; Gayrel et al. 2010).
- 16.
Or any principle constituting the core of data protection, consistent with what is discussed above.
- 17.
In other words, the application of these principles should be accommodated to the needs of investigations taking into account the specificity of the situation. For instance, giving information to the data subject beforehand is not conceivable without ruining the investigation. In this case, the individual should be informed after the fact. Access to data as normally intended could also disrupt investigations; an indirect form, such as access by the supervisory authority, can therefore be the alternative. Supervisory authority would be, in this case, the liaison between LEAs and the data subject.
- 18.
TFEU, at Art. 16.
- 19.
TEU, at Art. 6.
- 20.
“Any information relating to an identified or identifiable natural person (‘data subject’); an identifiable person is one who can be identified, directly or indirectly, in particular by reference to an identification number or to one or more factors specific to his physical, physiological, mental, economic, cultural or social identity.”
- 21.
In the case Lindqvist, the ECJ clarified that member states can extend the protection to legal persons; however, only Italy, Austria, Luxembourg have indeed extended some of the provisions to legal persons.
- 22.
While this may not be immediately relevant from LEA’s point of view, it implies that data processed for domestic purposes may enjoy reduced protection from the very outset, and it may be difficult to establish responsibility if problems arise.
- 23.
If, for instance, the definition of personal data covered know-how (which is different from, and not covered by, legislation on patents), the latter would (should) be technically and procedurally protected against security breaches like any personal data and, in case of a breach of security, clear liability for the consequent losses could be established. Conversely, certain categories of information would not be adequately protected, despite their importance for legal persons. On the other hand, information on employees would undoubtedly be considered personal data.
- 24.
Article 16 of the Data Protection Directive reads as follows “Any person acting under the authority of the controller or of the processor, including the processor himself, who has access to personal data, must not process them except on instructions from the controller, unless he is required to do so by law”.
- 25.
Deciding the means and purposes of processing automatically qualifies somebody as a data controller, as we have seen. But this would not be possible under the current legal framework, given that the processing does not relate to personal data. This lack of protection may, in the long run, act as a boomerang effect for companies, too: cloud computing services could become unappealing to individuals and companies.
- 26.
Accountability would both mean to take the appropriate measures or follow the procedures to implement data protection principles (also when transferring data abroad), and to be able to demonstrate that appropriate and effective measures have been taken (evidence). This could be done by means of monitoring or conducting internal/external audits. It follows that transparency is an integral element of accountability.
- 27.
Not only laptops, but cookies can be considered equipment. Provided that the user has not blocked the latter, therefore, the Directive 95/46/EC would apply to most cloud computing services. On the matter, see Leenes (2010).
- 28.
See, inter alia, the implementing rules of the Council Decision (2009b) at: <http://www.europol.europa.eu/index.asp?page=legal_other>.
- 29.
As the Stockholm Program has explicitly recognized “the internal security is interlinked with the external dimension of the threats”, (European Council 2010, 36).
- 30.
Ibid.
- 31.
For an account of the initial steps of the several EU-US information exchange agreements, see Rocco Bellanova and Paul De Hert (2008).
- 32.
As in the case of the Agreement on Mutual Legal Assistance of 25 June 2003 (EU-US Agreement on Extradition and Multilateral Legal Assistance 2003). In fact, data protection can be invoked as a ground for refusal only in exceptional cases. Furthermore, the case-by-case structure of the MLAT would make it possible to “bypass most of the sensitive issues of data protection” (Tanaka et al. 2010).
- 33.
- 34.
Taylor et al. (2010), 304.
- 35.
Ibid.
- 36.
In detail, the essential objective of the directive is that of regulating the providers’ retention of data, whereas data access by LEAs is only the ancillary object, because it is not addressed by the Directive itself (Hijmans and Scirocco 2009).
- 37.
“Service: any Information Society service, that is to say, any service normally provided for remuneration, at a distance, by electronic means and at the individual request of a recipient of services”, amended Article 1(a) 2.
- 38.
See the work of the Platform on Electronic Data Retention for the Investigation, Detection and Prosecution of Serious Crime, at the page <http://ec.europa.eu/home-affairs/policies/police/police_data_experts_en.htm>.
- 39.
The Experts Group on Data Retention has published a working paper (not available as of December 2010), on this issue: Series A—Position paper 7—Closer understanding of the term “Data Security” in relation to its application in Directive 2006/24/EC. The paper was adopted on 14 July 2010.
- 40.
There has been a fierce political fight on this point, Ibid.
- 41.
Few Member states have extended the Data Protection Directive to the activities of police and judicial cooperation.
- 42.
In fact, although pursuant to Article 1 the decision should also apply to “data exchanged between Member States and authorities or information systems established under the former title VI of the Treaty on European Union (TEU)” such as Europol/Eurojust, Article 28 limits substantially this provision.
- 43.
Since it does not contain specific rules on data protection, the Council of Europe Convention on Cybercrime (Council of Europe, CETS No.185), which is the only internationally binding instrument existing, does not belong in this category. For this reason, the Article 29 Working Party has criticised it in a working document (The Article 29 Working Party 2001). The same applies to Council Framework Decision 2005/222/JHA on attacks against information systems. For a pertinent discussion on the former instrument, see Porcedda and Walden (2011), Sect. 2.
- 44.
See, inter alia, Dumortier et al. (2010).
- 45.
Id., see also Bradshaw et al. (2010).
- 46.
For a detailed analysis of the public-private partnerships, see Porcedda and Walden (2011), Sect. 2.
- 47.
For an analysis of the consequences of LEAs’ use of evidence obtained unlawfully, see Porcedda and Walden (2011), Sect. 2.
- 48.
For a synthesis of the facts since the New York Times unveiled the access by US Treasury Department authorities of financial records held by SWIFT 4 years ago see EPHR 2010.
- 49.
See at <http://www.swift.com/about_swift/press_room/swift_news_archive/2010/business_forum/Canadian_Business_Forum_2010.page>.
References
Books and Articles
Armbrust, Michael, Fox, Armando, Griffith, Rean, Joseph, Anthony D., H. Katz, Randy, Andrew, Konwinski, Lee, Gunho, Patterson, David A., Rabkin, Ariel, Stoica, Ion, and Zaharia, Matei. 2009. Above the clouds: A Berkeley view of cloud computing. Technical Report No. UCB/EECS-2009-28. Accessed 10 Feb 2009.
Barcelo, Rosa. 2009. EU: Revision of the ePrivacy directive. Computer Law Review International 5:129–160.
Bellanova, Rocco. 2010. The case of the 2008 German-US agreement on data exchange: An opportunity to reshape power relations? In Data protection in a profiled world, eds. Paul De Hert, Serge Gutwirth, and Yves Poullet. Dordrecht: Springer.
Bellanova, Rocco, and De Hert, Paul. 2008. Data protection from a transatlantic perspective: The EU and US move towards an international data protection agreement? Study for the European Parliament’s Committee on Civil Liberties, Justice and Home Affairs. Brussels.
Bradshaw, Simon. 2010. Cloud computing: Security and privacy aspects and cloud contract. Conference presentation, Ankara.
Bradshaw, Simon, Millard, Christopher, and Walden, Ian. 2010. Contracts for clouds: A comparative analysis of terms and conditions for cloud computing services. Queen Mary School of Law Legal Studies Research (Paper No. 63/201). London.
Clarke, Roger, and Stavensson, Dan. 2010. Privacy and consumers risks in cloud computing. Computer Law and Security Review 26 (4): 391–397.
De Busser, Els. 2009. Data protection in EU and US criminal cooperation: A substantive law approach to the EU internal and transatlantic cooperation in criminal matters between judicial and law enforcement authorities. Maklu Uitgevers N.V.
De Hert, Paul, and Gutwirth, Serge. 2009. Data protection in the case law of Strasbourg and Luxembourg: Constitutionalism in action. In Reinventing data protection? eds. Serge Gutwirth, Yves Poullet, Paul De Hert, Sjaak Nouwt and Cécile de de Terwangne ,3–44. Springer.
De Hert, Paul, Papakonstantinou, Vagelis, and Riehle, Cornelia. 2008. Data protection in the third pillar: Cautious pessimism. In Crime, rights and the EU, the future of police and judicial cooperation, ed. Martin Maik. London: Justice.
Dumortier, Frank, Gayrel, Claire, Poullet, Yves, Jouret, J., and Moreau, D. 2010. La protection des Données dans l’Espace Européen de Liberté, de Sécurité et de Justice. Journal de Droit Européen 166:33–46.
Gayrel, Claire, Gérard, Jacques, Moniy, Jean-Philippe, Poullet, Yves, Van Gyseghem, and Jean-Marc. 2010. Cloud computing and its implications on data protection. Paper for the council of Europe’s Project on Cloud Computing, Centre de Recherche Informatique et Droit (Namur, March 2010). http://www.coe.int/t/dghl/cooperation/economiccrime/cybercrime/Documents/Reports-Presentations/2079_reps_IF10_yvespoullet1b.pdf.
Gellman, Robert. 2009. Privacy in the clouds: Risks to privacy and confidentiality from cloud computing. Paper prepared for the World Privacy Forum.
Grance, Tim, and Mell, Peter. 2009. The NIST definition of cloud computing (Version 15). http://csrc.nist.gov/groups/SNS/cloud-computing/. Accessed 10 July 2009.
Gutwirth, S., Poullet, Y., Hert, P. de, Terwangne, C. de, Nouwt, S. (Eds.). (2009). Reinventing data protection? The Netherlands: Springer.
Hijmans, Hielke. 2010. Data protection and international agreements in the area of law enforcement. Speech delivered at the conference on the area of freedom, security and justice in a wider world. The Hague.
Hijmans, Hielke, and Scirocco, Alfonso. 2009. Shortcomings in EU data protection in the third and the second pillars. Can the Lisbon treaty be expected to help? Common Market Law Review 46: 1485–1525.
Hustinx, Peter. 2009. Data protection in the light of the Lisbon treaty and the consequences for present regulations. Speech delivered at the 11th conference on data protection and data security. Berlin.
Hustinx, Peter. 2010. Data protection and cloud computing under EU law. Speech delivered at the third European Cyber Security Awareness Day. Brussels.
Leenes, Ronald. 2010. Who controls the cloud? Revista de Internet. Derecho y Politica 11.
Lichtblau, Eric, and Risen, James. 2006. Bank data is sifted by U.S. in secret to block terror. The New York Times.
Nelson, Michael R. 2009. Cloud computing and public policy. Briefing paper for the ICCP Technology Foresight Forum, Organization for Economic Cooperation Development.
Porcedda, Maria Grazia, and Walden, Ian. 2011. Regulatory challenges in a changing computing environment. Working paper for the conference “Law enforcement in the clouds: regulatory challenges”. Brussels, Belgium. http://www.crid.be/cloudcomputing/default.htm. Accessed 24 Feb 2011.
Rodotà, Stefano. 1973. Elaboratori elettronici e controllo sociale. Bologna: II Mulino.
Rodotà, Stefano. 2005. Intervista su Privacy e Libertà. A cura di Paolo Conti. Laterza.
Rodotà, Stefano. 2009. Data protection as a fundamental right. In Reinventing data protection? eds. Serge Gutwirth, Yves Poullet, Paul De Hert, Sjaak Nouwt and Cécile de Terwangne ,79-80. Springer.
Scheinin, Martin. 2009. Terrorism and the pull of ‘Balancing’ in the name of security. In Law and security—facing the dilemmas, ed. Martin Scheinin, Florence: European University Institute Working Paper No. 11, 2009.
Schwerha, Jospeh J. IV. 2010. Law enforcement challenges in trans-border acquisition of electronic evidence from cloud computing providers. Discussion paper for the Council of Europe, Strasbourg, France.
Sibos Issues Thursday. 2009. The official daily newspaper of Sibos. Hong Kong. (14–18 Sept 2009)
Solove, Daniel J. 2007. ‘I’ve got nothing to hide’ and other misunderstandings of privacy. San Diego Law Review 44, GWU Law School Public Law Research Paper No. 289.
SWIFT. 2007. EDPS glossary. http://www.edps.europa.eu/EDPSWEB/edps/site/mySite/pid/87.
Taylor, Mark, Haggerty, John, Gresty, David, and Hegarty, Robert. 2010. Digital evidence in cloud computing systems. Computer Law and Security Review 26 (3): 304–308.
V. A. 2008. Cybercrime and cybersecurity in Europe. The European files.
Van Gyseghem, and Jean-Marc. 2008. 2008eHealth services and directive on electronic commerce 2000/31/EC. In Proceedings of the HIT@HeathCare 2008 joint event: collection of studies in health technology and informatics 141: 57–66.
Legal Instruments and Policy Documents
Agreement between the European Union and the United States of America on the processing and transfer of Financial Messaging Data from the European Union to the United States for the purposes of the Terrorist Finance Tracking Program. 2010. Official Journal L 195: 5–14.
Charter of Fundamental Rights of the European Union. 2000. Official Journal C 364: 1–22.
Consolidated versions of the Treaty on European Union (TEU) and the Treaty on the Functioning of the European Union (TFEU). 2010. Official Journal C 83 of 30 March 2010.
Council of Europe. 1950. ETS no 005, Convention for the protection of Human Rights and Fundamental Freedoms, as amended by Protocols No 11 and 14, Rome.
Council of Europe. 1981. CETS No. 108, Convention for the protection of individuals with regard to automatic processing of personal data. http://conventions.coe.int/Treaty/Commun/ChercheSig.asp?NT=108&CM=1&DF=&CL=ENG.
Council of Europe. 1987. Recommendation no R (87) 15 of the Committee of Ministers regulating the use of personal data in the police sector, council of Europe (Police Recommendation).
Council of Europe. 2001. Additional protocol to the convention for the protection of individuals with regard to automatic processing of personal data, regarding supervisory authorities and trans-border data flows, CETS No. 181
Council of Europe. 2001. Convention on Cybercrime, Budapest, CETS No. 105, 23 November 2001.
Council Decision. 2009a. 2009/426/JHA of 16 December 2008, Official Journal L 138:14–32.
Council Decision. 2009b. 2009/371/JHA of 6 April 2009, Official Journal L 121:37–66.
Council Framework Decision. 2008. 2008/977/JHA of 27 November 2008, Official Journal L 350:60–71.
Council Framework Decision. 2005. 2005/222/JHA of 24 February 2005, Official Journal L 69, 16/03/2005, 67.
Directive. 1995. 95/46/EC (Data Protection Directive) Official Journal L 281, 23.11.1995, 31.
Directive. 1998. 98/48/EC of 20 July 1998, Official Journal L 217:18–26.
Directive. 2000. 2000/31/EC of 8 June 2000, Official Journal L 178:1–16 (Directive on Electronic Commerce).
Directive. 2002. 2002/58/EC, Official Journal L 201, 31.07.2002, 37 (Directive on Privacy and Electronic Communications)
Directive. 2006. 2006/24/EC of the European Parliament and of the Council of 15 March 2006 on the retention of data generated or processed in connection with the provision of publicly available electronic communications services or of public communications networks and amending Directive 2002/58/EC Official Journal L 13.04.2006, 105:54–63.
Directive. 2009. 2009/136/EC of 25 November 2009, OJ L 337, 18.12.2009, p. 11–36, without the text ‘to be transposed’, which is now obsolete.
EDPS. 2007. Opinion on the role of the European Central Bank in the SWIFT case.
EDPS. 2010. Opinion on promoting trust in the information society by fostering data protection and privacy (Opinion on Privacy By Design). 14.
European Commission. 2002. (COM) 2002 0173 final, “Proposal for a Council Framework Decision on Attacks against Information Systems”.
European Commission. 2010a. (COM) 2010 0609 final, “A comprehensive approach on personal data protection in the European Union”.
European Commission. 2010b. COM (2010)385 final, “Overview of information management in the area of freedom, security and justice”. Brussels.
European Commission. 2010c. COM (2010) 0245 final/2 “A Digital Agenda for Europe”. Brussels.
European Court of Justice. 2009. C-301/06, Ireland vs. Council and Parliament.
European Court of Human Rights. 2002. Goodwin vs. UK (28957/95), judg.
European Council—an open and secure Europe serving and protecting citizens. 2010. Official Journal C 115, 4.5.2010, 47, 3.
European Network and Information Security Agency (ENISA). 2009. Cloud computing, benefits, risks and recommendations for information security.
European Privacy and Human Rights (EPHR). (2010). Privacy International, the Electronic Privacy Information Center (EPIC) and the Center for Media and Communications Studies (CMCS). (eds.). https://www.privacyinternational.org/article/european-union-privacy-profile.
EU-US Agreement on Extradition and Multilateral Legal Assistance. 2003. Official Journal L 181/34, 19 July 2003.
House of Lords, European Union Committee. 2008. The treaty of Lisbon: An impact assessment. 10th Report Session 2007–2008, 13 March 2008. http://www.publications.parliament.uk/pa/ld200708/ldselect/ldeucom/62/62.pdf.
Regulation. 2001. (EC) No 45/2001, Official Journal L 8:1–21.
Regulation. 2010. (EU) No 542/2010 of 3 June 2010, Official Journal L 155:23–26.
Tanaka Hiroyuki et. al. 2010. Transatlantic information sharing: at a crossroads. Washington: Migration Policy Institute (43 note 140).
The Article 29 Data Protection Working Party. 1998. Working document: Transfers of personal data to third countries: Applying Articles 25 and 26 of the EU data protection directive (WP 12).
The Article 29 Data Protection Working Party. 2001. Opinion 4/2001 on the Council of Europe’s draft convention on cybercrime (WP 41).
The Article 29 Data Protection Working Party. 2006. Opinion 10/2006 on the processing of personal data by the society for worldwide interbank financial telecommunication (SWIFT; WP 128).
The Article 29 Data Protection Working Party. 2007. Opinion N. 4/2007 on the concept of personal data (WP 136).
The Article 29 Data Protection Working Party. 2010a. Opinion 3/2010 on the principle of accountability (WP 173).
The Article 29 Data Protection Working Party. 2010b. Report 01/2010 on the second joint enforcement action: Compliance at national level of telecom providers and ISPs with the obligations required from national traffic data retention legislation on the legal basis of Articles 6 and 9 of the e-privacy directive 2002/58/EC and the data retention directive 2006/24/EC amending the e-Privacy Directive (WP 172).
TheArticle 29 Data Protection Working Party. 2010c. Opinion 1/2010 on the concepts of ‘controller’ and ‘processor’ (WP 169).
The Article 29 Data Protection Working Party. 2010d. (WP 170) 2010–2011 work program can be consulted at: http://ec.europa.eu/justice/policies/privacy/docs/wpdocs/2010/wp170_en.pdf.
The Article 29 Data Protection Working Party and The Working Party on Police and Justice. 2009. ‘The Future of Privacy’: Joint contribution to the consultation of the European Commission on the legal framework for the fundamental right to protection of personal data (WP 168).
Acknowledgements
This paper is the result of research carried out at both the CRID (Belgium) and the EUI (Italy). I would therefore like to thank Yves Poullet, Jean-Marc Van Gyseghem, Jean-Philippe Moiny and Giovanni Sartor for the extensive comments and helpful discussions which resulted in substantial improvements of this paper. I am also very thankful to Martyn Egan (EUI) for his thorough and patient linguistic advice.
Author information
Authors and Affiliations
Corresponding author
Editor information
Editors and Affiliations
Rights and permissions
Copyright information
© 2012 Springer Science+Business Media B.V.
About this chapter
Cite this chapter
Porcedda, M.G. (2012). Law Enforcement in the Clouds: Is the EU Data Protection Legal Framework up to the Task?. In: Gutwirth, S., Leenes, R., De Hert, P., Poullet, Y. (eds) European Data Protection: In Good Health?. Springer, Dordrecht. https://doi.org/10.1007/978-94-007-2903-2_10
Download citation
DOI: https://doi.org/10.1007/978-94-007-2903-2_10
Published:
Publisher Name: Springer, Dordrecht
Print ISBN: 978-94-007-2902-5
Online ISBN: 978-94-007-2903-2
eBook Packages: Humanities, Social Sciences and LawLaw and Criminology (R0)