Skip to main content
SpringerLink
Log in

IoT and Cloud Computing: Specific Security and Data Protection Issues

  • Chapter
  • First Online:
Book cover Internet of Things Security and Data Protection

Part of the book series: Internet of Things ((ITTCC))

  • 2029 Accesses

Abstract

This chapter will address the specific challenges related to cloud computing and will be directly fed by results from the project CloudWatch2.

This is a preview of subscription content, log in via an institution to check access.

Access this chapter

Log in via an institution
Chapter
USD 29.95
Price excludes VAT (USA)
  • Available as PDF
  • Read on any device
  • Instant download
  • Own it forever
eBook
USD 149.00
Price excludes VAT (USA)
  • Available as EPUB and PDF
  • Read on any device
  • Instant download
  • Own it forever
Hardcover Book
USD 199.99
Price excludes VAT (USA)
  • Durable hardcover edition
  • Dispatched in 3 to 5 business days
  • Free shipping worldwide - see info

Tax calculation will be finalised at checkout

Purchases are for personal use only

Institutional subscriptions

Notes

  1. 1.

    P. Balboni, Il cloud computing e l’internet of things (“IoT”): come minimizzare i rischi legali, 2016, p. 27.

  2. 2.

    ivi, p. 26.

  3. 3.

    The definition of the “Internet of things” has been given by Kevin Ashton while working at Procter & Gamble: “[i]f we had computers that knew everything there was to know about things—using data they gathered without any help from us—we would be able to track and count everything, and greatly reduce waste, loss and cost. We would know when things needed replacing, repairing or recalling, and whether they were fresh or past their best” (Web Magazine Radio Frequency Identification Journal, 1999).

  4. 4.

    See also, Aspen Institute: https://www.aspeninstitute.it/system/files/inline/Internet%20of%20Things.pdf.

  5. 5.

    P. Mell, T. Grance, The NIST Definition of Cloud Computing, Version 15, 2009.

  6. 6.

    G. Malgieri, I soggetti coinvolti nel trattamento dei dati personali nel cloud computing la rottura del dualismo controller—processor, Op. J. Vol. I, n. I/2015.

  7. 7.

    Under a data protection point of view, it should be then further assessed when the provider is to be considered as a data controller (defined by Article 4.1.7 GDPR as the natural or legal person, public authority, agency or other body which, alone or jointly with others, determines the purposes and means of the processing of personal data; where the purposes and means of such processing are determined by Union or Member State law, the controller or the specific criteria for its nomination may be provided for by Union or Member State law) or as a data processor (described by Article 4.1.8 GDPR as a natural or legal person, public authority, agency or other body which processes personal data on behalf of the controller).

  8. 8.

    Cloud Infrastructure Services Provider in Europe.

  9. 9.

    https://www.enisa.europa.eu/topics/cloud-and-big-data/cloud-security.

  10. 10.

    http://ec.europa.eu/justice/data-protection/article-29/documentation/opinion-recommendation/files/2012/wp196_en.pdf.

  11. 11.

    L. Bolognini, Servizi di cloud computing e protezione dei dati personali in ambito bancario, 2015.

  12. 12.

    Article 4.1.1 describes personal data as any information relating to an identified or identifiable natural person (“data subject”); an identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person.

  13. 13.

    Recitals 60 and 62, Article 13 GDPR.

  14. 14.

    Recitals 42 and 43, Articles 7 and 13 GDPR.

  15. 15.

    Recitals 65 and 66, Article 17 GDPR.

  16. 16.

    http://ec.europa.eu/justice/data-protection/article-29/documentation/opinion-recommendation/files/2014/wp223_en.pdf.

  17. 17.

    Article 9.1 prescribed that processing of personal data revealing racial or ethnic origin, political opinions, religious or philosophical beliefs or trade union membership and the processing of genetic data, biometric data for the purpose of uniquely identifying a natural person, data concerning health or data concerning a natural person’s sex life or sexual orientation shall be prohibited, unless one of the exception listed in Article 9.2 applies.

  18. 18.

    Article 35.1 GDPR: Where a type of processing in particular using new technologies, and taking into account the nature, scope, context and purposes of the processing, is likely to result in a high risk to the rights and freedoms of natural persons, the controller shall, prior to the processing, carry out an assessment of the impact of the envisaged processing operations on the protection of personal data. A single assessment may address a set of similar processing operations that present similar high risks.

  19. 19.

    Opinion 03/2016 on the evaluation and review of the ePrivacy Directive (2002/58/EC): “With the development of the Internet of things, more and more data could be transmitted ‘by default’ for technical reasons, but used for intrusive purposes (notably marketing purposes) not related to the initial purpose of the broadcasting. In short, the rules governing the collection of information from user devices should not depend on the kind of device owned by the data subject nor on the technology employed by an organisation, especially with regard to the use of information for marketing and market analysis purposes”.

  20. 20.

    http://www.cloudwatchhub.eu/cloudwatch2-think-cloud-services-government-business-and-research-0.

Author information

Authors and Affiliations

  1. Istituto Italiano per la Privacy, Rome, Italy

    Luca Bolognini & Paolo Balboni

Authors
  1. Luca Bolognini
    View author publications

    You can also search for this author in PubMed Google Scholar

  2. Paolo Balboni
    View author publications

    You can also search for this author in PubMed Google Scholar

Corresponding author

Correspondence to Luca Bolognini .

Editor information

Editors and Affiliations

  1. Mandat International, Geneva, Switzerland

    Sébastien Ziegler

Rights and permissions

Reprints and permissions

Copyright information

© 2019 Springer Nature Switzerland AG

About this chapter

Check for updates. Verify currency and authenticity via CrossMark

Cite this chapter

Bolognini, L., Balboni, P. (2019). IoT and Cloud Computing: Specific Security and Data Protection Issues. In: Ziegler, S. (eds) Internet of Things Security and Data Protection. Internet of Things. Springer, Cham. https://doi.org/10.1007/978-3-030-04984-3_4

Download citation

  • DOI: https://doi.org/10.1007/978-3-030-04984-3_4

  • Published:

  • Publisher Name: Springer, Cham

  • Print ISBN: 978-3-030-04983-6

  • Online ISBN: 978-3-030-04984-3

  • eBook Packages: EngineeringEngineering (R0)

Publish with us

Policies and ethics

Search

Navigation