Legal Issues and Requirements for Cloud Computing in e-Science
Cloud technologies have increasingly gained momentum in recent years, primarily due to their promise of enhanced performance, such as elasticity, scalability, risk reduction and the easy deployment of end-user services. Despite the great interest and success achieved by the Cloud model, there are still some legal issues raised both in the scientific sector and the information society as a whole. The objective of this paper is to provide the needed starting points for a reflection aimed at the creation of a new governance and legislative model on data protection, privacy and security to develop an efficient strategy on Cloud Computing, notably for government and e-Science, promoting innovation and interoperability in Europe.
KeywordsCloud Computing e-Science Privacy IPR Data security SLA Legal requirements
- 1.American Institute of Certified Public Accountants (AICPA), SAS No. 70 Audit, available at: http://sas70.com/index.html.
- 2.APEC Secretariat. (2005). APEC privacy framework. Available at: http://www.ema.gov.au/www/agd/rwpattach.nsf/VAP/(03995EABC73F94816C2AF4AA2645824B)~APEC+Privacy+Framework.pdf/$file/APEC+Privacy+Framework.pdf.
- 3.European Commission. (2012). Article 29 data protection working party, Opinion 05/2012 on Cloud Computing.Google Scholar
- 4.European Commission. (2010). Communication from the European commission to the European Parliament: A digital agenda for Europe. Available at: http://www.edps.europa.eu/EDPSWEB/webdav/site/mySiteshared/Documents/EDPS/Publications/Speeches/2010/10-0413_Speech_Cloud_Computing_EN.pdf.
- 5.European Commission. (2008). Green paper copyright in the knowledge economy. Available at: http://ec.europa.eu/internal_market/copyright/docs/copyrightinfso/greenpaper_en.pdf.
- 6.European Commission. (2009). IP/09/1544, European Commission puts challenges of books digitisation for authors, libraries and consumers on EU’s agenda. Available at: http://europa.eu/rapid/pressReleasesAction.do?reference=IP/09/1544.
- 7.European Parliament and the Council. (1995). Directive 95/46/EC of the European Parliament and of the council of October 24 1995 on the protection of individuals with regard to the processing of personal data and on the free movement of such data, Official Journal L 281, 23/11/1995, pp. 0031–0050. Available at: http://eur-lex.europa.eu/LexUriServ/LexUriServ.do?uri=CELEX:31995L0046:en:HTML.
- 8.European Parliament and the Council. (2001). Directive 2001/29/EC of the European Parliament and the council on the harmonization of certain aspects of copyright and related rights in the information society. Available at: http://eur-lex.europa.eu/LexUriServ/LexUriServ.do?uri=OJ:L:2001:167:0010:0019:EN:PDF.
- 9.Hunstix P. (2010). Data protection and cloud computing under EU law. European Data Protection Supervisor. Third European Cyber Security Awareness Day. BSA. European Parliament. Available at http://www.edps.europa.eu/EDPSWEB/webday/site/mySite/shared/Documents/EDPS/Publications/Speeches/2010/10-0413_Speech_Cloud_Computing_EN.pdf.
- 10.Christian, A. Christiansen., Charles, J. Kolodgy., Sally, H., Gerry, P., (2010). White Paper: Identity and access management for approaching clouds, May 2010, IDC. Available at http://www.ca.com/us/~/media/files/industryanalystreports/cloud_security_wp_236234.aspx.
- 11.Kundra V. (2011). Federal cloud computing strategy. Available at: http://www.cio.gov/documents/federal-cloud-computing-strategy.pdf.
- 12.Mather, T., Kumaraswamy, S., & Latif, S. (2010). Cloud security and privacy (p. 149). Sebastopol: O’Reilly.Google Scholar
- 13.National Institute of Standards and Technology (NIST). (2010). Cloud computing standards roadmap document: NIST CCSRWG– 070 Eleventh Working Draft, 2011 National Institute of Standards and Technology (NIST), NIST Releases Guide for Applying the Risk Management Framework to Federal Information Systems (Special Publication 800-37, Revision 1). Available at: http://www.nist.gov/itl/csd/guide_030210.cfm.
- 14.National Institute of Standards and Technology (NIST). (2002). Statutory responsibilities for developing standards and guidelines, Federal Information Security Management Act (FISMA) of 2002, Public Law, pp. 107–347.Google Scholar
- 15.National Institute of Standards and Technology (NIST). (2002). The Federal Information Security Management Act of 2002 (“FISMA”, 44 U.S.C. § 3541 enacted in 2002 as Title III of the E-Government Act of 2002 agency.Google Scholar
- 16.National Research Council. (2008). Biosocial Survey, Committee on Advances in Collecting and Utilizing Biological Indicators and Genetic Information in Social Science Surveys, Maxine Weinstein, James W. Vaupel, and Kenneth W. Wachter, Editors, available at http://www.nap.edu/openbook.php?record_id=11939.
- 17.Organisation for Economic Co-operation and Development (OECD). (1980). Guidelines on the protection of privacy and transborder flows of personal data. Available at http://www.oecd.org/internet/ieconomy/oecdguidelinesontheprotectionofprivacyandtransborderflowsofpersonaldata.htm.
- 18.The Committee on the Judiciary House of Representatives. (2010). Federal rules of civil procedures, Washington.Google Scholar
- 19.U.S. Department of Commerce. (2009). U.S.—EU safe harbor framework. Available at: http://trade.gov/publications/pdfs/safeharbor-selfcert2009.pdf.
- 20.U.S. Government. (1976). Copyright law of the United States and related laws contained in title 17 of the United states code. Available at: http://www.copyright.gov/title17/.
- 21.WTO. Agreement on trade-related aspects of intellectual property rights, available at http://www.wto.org/english/docs_e/legal_e/27-trips.pdf