Advertisement

Legal Aspects of Cloud Accountability

  • Brian Dziminski
  • Niamh Christina Gleeson
Chapter
Part of the Lecture Notes in Computer Science book series (LNCS, volume 8937)

Abstract

This paper explores the legal aspects of Cloud accountability which are being examined in great detail in the Cloud Accountability Project. This paper first provides an overview of the basic legal framework of the US and the EU, addresses the lawmaking process, and the impact and enforcement of jurisdiction. The primary laws within the data protection framework are then further explored, as such regulations have the greatest impact on the Cloud, Cloud providers, Cloud customers, and, ultimate, Cloud users. This paper then explores the role of contracts in the Cloud. Finally, all of the analysis is pulled together in discussing how the Cloud Accountability Project is addressing these legal aspects and how such aspects should influence Cloud actors, especially Cloud providers, in their policies and legal governance.

Keywords

Cloud accountability project A4cloud Cloud computing law Data protection Cloud contracts Cloud legal aspects 

References

  1. 1.
    Zippo Manufacturing Co. v. Zippo Dot Com, Inc., 952 F.Supp. 1119 (W.D. Pa. 1997)Google Scholar
  2. 2.
    Directive 95/46/EC of the European Parliament and of the Council of 24 October 1995 on the protection of individuals with regard to the processing of personal data and on the free movement of such data Official Journal L 281, 23/11/1995, pp. 31 – 50. (Hereafter referred to as the ‘Directive’ and/or the ‘DPD’)Google Scholar
  3. 3.
    Global Tables of Data Privacy Laws and Bills (3rd edn., June 2013), UNSW Law Research Paper No. 2013-39Google Scholar
  4. 4.
    Data protection law reform proposals published by the European Commission on 25 January 2012 are available at http://ec.europa.eu/justice/newsroom/data-protection/news/120125_en.htm
  5. 5.
    WP169, Opinion 1/2010 on the Concepts of ‘Controller’ and ‘Processor’, WP 169 (2010)Google Scholar
  6. 6.
    Commission decisions on the adequacy of the protection of personal data in third countries published by the European Commission available at http://ec.europa.eu/justice/data-protection/document/international-transfers/adequacy/index_en.htm
  7. 7.
    Commission Decision of 5 February 2010 on standard contractual clauses for the transfer of personal data to processors established in third countries under Directive 95/46/EC of the European Parliament and of the Council (2010/87/EU0), [12 February 2010] OJ L39/5Google Scholar
  8. 8.
  9. 9.
    EU Member State data protection authorities are listed on the European Commission website at http://ec.europa.eu/justice/data-protection/bodies/authorities/eu/index_en.htm
  10. 10.
    Millard, et al.: Cloud Computing Law (2013, OUP Oxford) Part III Protection of Personal Data in Clouds, pp. 165–282Google Scholar
  11. 11.
    Hon, W., Millard, C., Walden, I.: What is regulated as personal data in clouds? In: Millard, C. (ed.) Cloud Computing Law, chap. 7, pp. 167–192. Oxford University Press, Oxford (2013)Google Scholar
  12. 12.
    Opinion 4/2007 on the Concept of Personal Data, WP 136 (2007)Google Scholar
  13. 13.
    Hon, W., Millard, C., Walden, I.: Who is responsible for personal data in the clouds? In: Millard, C. (ed.) Cloud Computing Law, chap. 8, pp. 193–219. Oxford University Press, Oxford (2013)Google Scholar
  14. 14.
    A29WP, Opinion 1/2010 on the Concepts of ‘Controller’ and ‘Processor’, WP169 (2010)Google Scholar
  15. 15.
    A29WP, Opinion 05/2012 on Cloud Computing, WP196 (2012)Google Scholar
  16. 16.
    Hon, W., Hörnle, J., Millard, C.: Which law(s) apply to personal data in clouds? In: Millard, C. (ed.) Cloud Computing Law, chap. 9. Oxford University Press, Oxford (2013)Google Scholar
  17. 17.
    Hon, W., Millard, C., Walden, I.: How do restrictions on international data transfers work in clouds? In: Millard, C. (ed.) Cloud Computing Law, chap. 10, pp. 254–282. Oxford University Press, Oxford (2013)Google Scholar
  18. 18.
    Decision and Order, In the Matter of GeoCities, Inc., FTC File No. 98203915, 12 February 1999. www.ftc.gov/os/1999/02/9823015.do.htm
  19. 19.
    Decision and Order, In the Matter of Eli Lilly & Co., FT File No. 012-3214, 10 May 2002. www.ftc.gov/os/1999/02/9823015.do.htm
  20. 20.
    Decision and Order, In the Matter of Gateway Learning Corp., FTC File No. 042-3047, 17 September 2004. www.ftc.gov/os/caselist/0423047/040917do0423047.pdf
  21. 21.
    Decision and Order, In the Matter of Google Inc., FTC File No. 102-3136, 30 March 2011. www.ftc.gov/os/caselist/1023136/110330googlebuzzagreeorder.pdf
  22. 22.
    Decision and Order, In the Matter of Facebook, Inc., FTC File No. 092-3184, 29 November 2011. http://ftc.gov/os/caselist/0923184/111129facebookagree.pdf
  23. 23.
    Federal Trade Commission v. Wyndham Worldwide Corporation, et al., Case No. 2 :13-cv-1887 (ES-JAD), United States District Court, District of New Jersey, Doc. No. 181 filed April 7, 2014Google Scholar
  24. 24.
    US Government White House ‘Consumer Data Privacy in a Networked World: A Framework for Protecting Privacy and Promoting Innovation in the Global Digital Economy’ February 23, 2012 available at www.whitehouse.gov/sites/default/files/privacy-final.pdf
  25. 25.
    Federal Trade Commission report ‘Protecting Consumer Privacy in an Era of Rapid Change: Recommendations for Businesses and Policymakers’ March 26, 2012 available at http://www.ftc.gov/sites/default/files/documents/reports/federal-trade-commission-report-protecting-consumer-privacy-era-rapid-change-recommendations/120326privacyreport.pdf
  26. 26.
    Bradshaw, S., Millard, C., Walden, I.: Standard contracts for cloud services. In: Millard, C. (ed.) Cloud Computing Law, chap. 3, pp. 39–72. Oxford University Press, Oxford (2013)Google Scholar
  27. 27.
    Hon, W., Millard, C., Walden, I.: Negotiated contracts for cloud services. In: Millard, C. (ed.) Cloud Computing Law, chap. 4, pp. 73–107. Oxford University Press, Oxford (2013)Google Scholar
  28. 28.
    Gleeson, N., Walden, I.: It’s a jungle out there’?: Cloud computing, standards and the law. Eur. J. Law Technol. 5(2) (2014)Google Scholar
  29. 29.
    OFT (2012) “Price Comparison Websites. Trust, Choice and Consumer Empowerment in online markets” (November 2012, OFT 1467). European Commission ‘Comparison Tools – Report from the Multi-Stakeholder Dialogue, Providing consumers with transparent and reliable information’ (Report presented at the European Consumer Summit 18–19 March 2013)Google Scholar
  30. 30.
    Papers and updates on A4Cloud tools are available at the project website at www.a4cloud.eu

Copyright information

© Springer International Publishing Switzerland 2015

Authors and Affiliations

  1. 1.School of Law, Centre for Commercial Law StudiesQueen Mary University of LondonLondonUK

Personalised recommendations