Abstract
The provision of a cloud service must fulfil policies to comply with requirements coming from different sources. One of the main sources is the European Data Protection Directive that sets out legal obligations for the cloud adoption and provision. Cloud providers that rely on the use of additional cloud services need to make sure that the level of protection offered by these is adequate. Implementing privacy policies in the cloud requires taking into account the privacy related practices adopted by service providers even during the procurement phase. Moving towards a transparency-based service provision approach, additional information that cloud customers need to evaluate is evidence of compliance with privacy policies that CSPs are able to provide. This paper gives an overview of the processes entailed for the implementation of privacy policies.
This is a preview of subscription content, log in via an institution to check access.
Access this chapter
Tax calculation will be finalised at checkout
Purchases are for personal use only
References
European Commission (EC): Directive 95/46/EC of the European Parliament and of the Council of 24 October 1995 on the protection of individuals with regard to the processing of personal data and on the free movement of such data (1995)
CSA Privacy Level Agreement. https://downloads.cloudsecurityalliance.org/initiatives/pla/Privacy_Level_Agreement_Outline.pdf
Article 29 Data Protection Working Party: Opinion 1/2010 on the concepts of “controller and processor”, adopted on 16 February 2010. http://ec.europa.eu/justice/policies/privacy/docs/wpdocs/2010/wp169_en.pdf
Egea, M., Matteucci, I., Mori, P., Petrocchi, M.: Definition of data sharing agreements. In: Felici, M., Fernández-Gago, C. (eds.) A4Cloud 2014. LNCS, vol. 8937, pp. 248–272. Springer, Heidelberg (2015)
Cloud Accountability Project (A4CLoud). http://www.a4cloud.eu/
Coco Cloud Project. http://www.coco-cloud.eu/
Patel, P., Ranabahu, A.H., Sheth, A.P.: Service Level Agreement in Cloud Computing (2009)
Casassa-Mont, M., Matteucci, I., Petrocchi, M., Sbodio, M.L.: Towards safer information sharing in the Cloud. Int. J. Inf. Secur. 14, 1–16 (2014)
EU PRIME Project. www.prime-project.eu/
EU PrimeLife Project. http://primelife.ercim.eu/
EU Consequence Project, Context-aware Data-centric Information Sharing. www.consequence-project.eu/
Pearson, S., Casassa-Mont, M.: Sticky policies: An approach for managing privacy across multiple parties. IEEE Comput. 44(9), 60–68 (2011). IEEE
Platform for Privacy Preferences Project, (P3P). www.w3.org/P3P/
Enterprise Privacy Authorization Language (EPAL 1.2). http://www.zurich.ibm.com/security/enterprise-privacy/epal/Specification
Information Commissioners Office: Assessing Adequacy - International transfers of personal data (2012). https://ico.org.uk/media/for-organisations/documents/1529/assessing_adequacy_international_data_transfers.pdf
Alnemr, R., Pearson, S., Leenes, R., Mhungu, R.: COAT: cloud offerings advisory tool. In: 2014 IEEE 6th International Conference on Cloud Computing Technology and Science (CloudCom), pp. 95–100. IEEE (2014)
Manea, M., Petrocchi, M.: Engineering the lifecycle of data sharing agreements. ERCIM News 100, 20–21 (2015)
Di Cerbo, F., Some, D.F., Gomez, L., Trabelsi, S.: PPL v2.0: uniform data access and usage control on cloud and mobile. In: TELERISE - 1st International Workshop on TEchnical and LEgal aspects of data pRIvacy and Security, Affiliated workshop with ICSE (2015)
Colombo, M., Lazouski, A., Martinelli, F., Mori, P.: A proposal on enhancing XACML with continuous Usage Control features. In: Desprez, F., Getov, V., Priol, T., Yahyapour, R. (eds.) Proceedings of CoreGRID ERCIM Working Group Workshop on Grids, P2P and Services Computing, pp. 133–146. Springer, Heidelberg (2010)
Trabelsi, S., Njeh, A., Bussard, L., Neven, G.: PPL engine: A symmetric architecture for privacy policy handling. In: W3C Workshop on Privacy and Data Usage Control 4(5) (2010)
OASIS XACML TC. eXtensible Access Control Markup Language (XACML) Version 3.0 (2010)
OpenStack Open Source Cloud Computing Software. https://www.openstack.org/
Azraoui, M., Elkhiyaoui, K., Önen, M., Bernsmed, K., De Oliveira, A.S., Sendor, J.: A-PPL: an accountability policy language. In: Garcia-Alfaro, J., Herrera-Joancomartí, J., Lupu, E., Posegga, J., Aldini, A., Martinelli, F., Suri, N. (eds.) DPM/SETOP/QASA 2014. LNCS, vol. 8872, pp. 319–326. Springer, Heidelberg (2015)
Azraoui, M., Elkhiyaoui, K., Önen, M., Bernsmed, K., de Oliveira, S., Anderson, Sendor, J.: A-PPL: An accountability policy language. EURECOM Research Report RR-14-294 (2014). http://www.eurecom.fr/publication/4372
Swift’s documentation. http://docs.openstack.org/developer/swift/
D’Errico, M., Pearson, S.: Towards a Formalised Representation for the technical enforcement of privacy level agreements. In: Proceedings of the IEEE 1st International Workshop on Legal and Technical Issues in Cloud Computing (CLaw), pp. 422–427
Acknowledgments
This work has been partially funded from the European Commission’s Seventh Programme (FP7/2007-2013) under grant agreements no. 317550 (A4CLOUD) and no. 610853 (Coco Cloud).
Author information
Authors and Affiliations
Corresponding author
Editor information
Editors and Affiliations
Rights and permissions
Copyright information
© 2015 Springer International Publishing Switzerland
About this paper
Cite this paper
Caimi, C., D’Errico, M., Gambardella, C., Manea, M., Wainwright, N. (2015). Implementing Privacy Policies in the Cloud. In: Cleary, F., Felici, M. (eds) Cyber Security and Privacy. CSP 2015. Communications in Computer and Information Science, vol 530. Springer, Cham. https://doi.org/10.1007/978-3-319-25360-2_1
Download citation
DOI: https://doi.org/10.1007/978-3-319-25360-2_1
Published:
Publisher Name: Springer, Cham
Print ISBN: 978-3-319-25359-6
Online ISBN: 978-3-319-25360-2
eBook Packages: Computer ScienceComputer Science (R0)