
On the Relationship between the Different Methods to Address Privacy Issues in the Cloud

  • Conference paper
On the Move to Meaningful Internet Systems: OTM 2013 Conferences (OTM 2013)

Part of the book series: Lecture Notes in Computer Science (LNISA, volume 8185)

Abstract

In conjunction with regulation, information security technology is expected to play a critical role in enforcing the right to privacy and data protection. This paper discusses the role of security in privacy by design, as well as the relationship of these to accountability. The focus within these discussions is on technological methods to support privacy and data protection in cloud scenarios.




Copyright information

© 2013 Springer-Verlag Berlin Heidelberg

About this paper

Cite this paper

Pearson, S. (2013). On the Relationship between the Different Methods to Address Privacy Issues in the Cloud. In: Meersman, R., et al. On the Move to Meaningful Internet Systems: OTM 2013 Conferences. OTM 2013. Lecture Notes in Computer Science, vol 8185. Springer, Berlin, Heidelberg. https://doi.org/10.1007/978-3-642-41030-7_30


  • DOI: https://doi.org/10.1007/978-3-642-41030-7_30

  • Publisher Name: Springer, Berlin, Heidelberg

  • Print ISBN: 978-3-642-41029-1

  • Online ISBN: 978-3-642-41030-7

  • eBook Packages: Computer Science (R0)
