Skip to main content

Bringing Accountability to the Cloud: Addressing Emerging Threats and Legal Perspectives

Part of the Communications in Computer and Information Science book series (CCIS,volume 182)


This paper is concerned with accountability in cloud ecosystems. The separation between data and data subjects as well as the exchange of data between cloud consumers and providers increases the complexity of data governance in cloud ecosystems, a problem which is exacerbated by emerging threats and vulnerabilities. This paper discusses how accountability addresses emerging issues and legal perspectives in cloud ecosystems. In particular, it introduces an accountability model tailored to the cloud. It presents on-going work within the Cloud Accountability Project, highlighting both legal and technical aspects of accountability.


  • Accountability
  • Data governance
  • Cloud computing

This is a preview of subscription content, access via your institution.

Buying options

USD   29.95
Price excludes VAT (USA)
  • DOI: 10.1007/978-3-642-41205-9_3
  • Chapter length: 13 pages
  • Instant PDF download
  • Readable on all devices
  • Own it forever
  • Exclusive offer for individuals only
  • Tax calculation will be finalised during checkout
USD   59.99
Price excludes VAT (USA)
  • ISBN: 978-3-642-41205-9
  • Instant PDF download
  • Readable on all devices
  • Own it forever
  • Exclusive offer for individuals only
  • Tax calculation will be finalised during checkout
Softcover Book
USD   74.99
Price excludes VAT (USA)
Fig. 1.
Fig. 2.
Fig. 3.
Fig. 4.
Fig. 5.
Fig. 6.
Fig. 7.


  1. 1.

    Under Article 29 of the Data Protection Directive, a Working Party on the Protection of Individuals with regard to the Processing of Personal Data is established, made up of the Data Protection Commissioners from the Member States together with a representative of the European Commission. The Working Party is independent and acts in an advisory capacity. The Working Party seeks to harmonize the application of data protection rules throughout the EU, and publishes opinions and recommendations on various data protection topics.


  1. European Commission: Advances in Clouds – Research in future cloud computing. Expert Group Report, Public version 1.0. European Union (2012)

    Google Scholar 

  2. ENISA: Cloud computing: benefits, risks and recommendations for information security. European Network and Information Security Agency (2009)

    Google Scholar 

  3. Mell, P., Grance, T.: The NIST Definition of Cloud Computing. NIST Special Publication 800-145 (2011)

    Google Scholar 

  4. Article 29 Data Protection Working Party: Opinion 3/2010 on the principle of accountability, 00062/10/EN WP 173 (2010)

    Google Scholar 

  5. The Galway Project: Accountability: A compendium for stakeholders. The Centre for Information Policy Leadership (2011)

    Google Scholar 

  6. Guagnin, D., et al. (eds.): Managing Privacy Through Accountability. Palgrave Macmillan, Basingstoke (2012)

    Google Scholar 

  7. Weitzner, D.J., et al.: Information accountability. Commun. ACM 51(6), 82–87 (2008)

    CrossRef  Google Scholar 

  8. Pearson, S.: Toward accountability in the cloud. IEEE Internet Comput. 15(4), 64–69 (2011)

    CrossRef  Google Scholar 

  9. Stilgherrian: Collateral damage in the copyright wars. Accessed June 2013

  10. Bennett, C., Molnar, A., Parsons, C.: Forgetting, Non-Forgetting and Quasi-Forgetting in Social Networking: Canadian Policy and Corporate Practice. Accessed 28 Jan 2013

  11. Dumortier, J., Goemans, C.: Legal challenges for privacy protection and identity management. In: Jerman-Blažič, B., Schneider, W., Klobučar, T. (eds.) Security and Privacy in Advanced Networking Technologies. NATO Science Series, III: Computer and Systems Science, vol. 193, pp. 191–212. IOS Press, Amsterdam (2004)

    Google Scholar 

  12. Directive 95/46/EC of the European Parliament and of the Council of 24 October 1995 on the protection of individuals with regard to the processing of personal data and on the free movement of such data. Official Journal L 281, 23 Nov 1995, pp. 0031–0050 (1995)

    Google Scholar 

  13. Kuner, C.: European Data Protection Law – Corporate Compliance and Regulation, p. 51. Oxford University Press, Oxford (2008)

    Google Scholar 

  14. Walden, I.: Privacy and data protection. In: Reed, C., Angel, J. (eds.) Computer Law: The Law and Regulation of Information Technology, 7th edn. Oxford University Press, Oxford (2011)

    Google Scholar 

  15. Holznagel, B., Sonntag, M.: A case study: the JANUS project. In: Nicoll, C., Prins, J.E.J., van Dellen, M.J.M. (eds.) Digital Anonymity and the Law – Tensions and Dimensions, Information Technology and Law (No. 2). TMC Asser Press, The Hague (2003)

    Google Scholar 

  16. Proposal for a General Data Protection Regulation, COM (2012) 11 final, 25 January 2012

    Google Scholar 

  17. Löhr, H., Sadeghi, A.-R., Winandy, M.: Securing the e-health cloud. In: Veinot, T. (ed.) Proceedings of the 1st ACM International Health Informatics Symposium (IHI’10), pp. 220–229. ACM (2010)

    Google Scholar 

  18. Article 29 Data Protection Working Party, Opinion 05/2012 on Cloud Computing, 01037/12/EN, WP196 (2012)

    Google Scholar 

Download references


This work has been partly funded from the European Commission’s Seventh Framework Programme (FP7/2007-2013) under grant agreement no: 317550 (A4CLOUD – Cloud Accountability Project. Figure 2 Threats in a Cloud Ecosystem is taken from a presentation by Siani Pearson. Figure 4 Example of data flows in a cloud ecosystem is based on original by Karin Bernsmed. We also would like to thank the contributions to the accountability conceptual framework of our partners within the Cloud Accountability Project: Daniele Catteddu, Giles Hogben, Amy Holcroft, Theofrastos Koulouris, Ronald Leenes, Christopher Millard, Maartje Niezen, David Nuñez, Nick Papanikolaou, Siani Pearson, Daniel Pradelles, Chris Reed, Chunming Rong, Jean-Claude Royer, Dimitra Stefanatou, Vasilis Tountopoulos, Tomasz Wiktor Wlodarczyk.

Author information

Authors and Affiliations


Corresponding author

Correspondence to Nick Wainwright .

Editor information

Editors and Affiliations

Rights and permissions

Reprints and Permissions

Copyright information

© 2013 Springer-Verlag Berlin Heidelberg

About this paper

Cite this paper

Felici, M., Jaatun, M.G., Kosta, E., Wainwright, N. (2013). Bringing Accountability to the Cloud: Addressing Emerging Threats and Legal Perspectives. In: Felici, M. (eds) Cyber Security and Privacy. CSP 2013. Communications in Computer and Information Science, vol 182. Springer, Berlin, Heidelberg.

Download citation

  • DOI:

  • Published:

  • Publisher Name: Springer, Berlin, Heidelberg

  • Print ISBN: 978-3-642-41204-2

  • Online ISBN: 978-3-642-41205-9

  • eBook Packages: Computer ScienceComputer Science (R0)