Legal Aspects of Data Protection in Cloud Federations [chapter]

Attila Kertesz, Szilvia Varadi
2013 Security, Privacy and Trust in Cloud Systems  
Introduction

Cloud Computing offers on-demand access to computational, infrastructure and data resources operated from a remote source. Taking advantage of flexible resource provisions enabled by the Cloud technology, many businesses have recently migrated their IT applications and data to the Cloud, allowing them to respond to new demands and requests from customers. The technical motivation for Cloud Computing has been introduced in [4] [47]. Cloud solutions give businesses the option to outsource the operation and management of IT infrastructure and services, allowing the business and its employees to concentrate on their core competencies. This new technology enables services to be designed and tailored to the individual requirements of a business. It also moves functions and responsibilities away from local ownership and management to a service provided by a third party, which raises several legal issues, such as data protection, that require the service to comply with the necessary regulation. As more and more businesses become global, concerns also remain over the privacy of widely distributed data and its processing. Regulations focusing on geographical locations may be a large obstacle to a widespread adoption of Cloud Computing solutions by companies [45]. As a result of the pace of technical and economic progress in this field, it is important to determine the compliance of common Cloud Computing usage patterns with legal constraints and requirements.

In this chapter we provide a method for and the results of an evaluation of commonly observed Cloud federation use cases against the law applying to Cloud Computing. First we derive a general architecture for Clouds from definitions of international standardization bodies, and use it to identify common Cloud Computing usage patterns. To point out where legal problems may arise, we summarize the national laws related to data protection of major countries, then we assess the revealed use cases against evaluation criteria derived from legislation for the data processing of end-user details and materials, including the roles and responsibilities necessary for legal compliance. To clarify and exemplify legal compliance in the identified usage patterns, we consider the Data Protection Directive [18] of the European Union, which is a commonly accepted and influential directive in the field of data processing legislation.
A paper by Bygrave [3] investigated the possible impact of this directive on the activities of E-commerce operators, and a deliverable of the OPTIMIS European project [38] studied in detail the applicability of this directive for their own Cloud deployment models. In this chapter we take a step forward and examine use cases identified in a generalized architecture compiled from reports of international expert groups, bodies and research projects.
doi:10.1007/978-3-642-38586-5_15 fatcat:l74bht5pvvaixobnbo2p4sovqu