Your browser does not support JavaScript!

Cloud computing and personal data processing: sorting-out legal requirements

Cloud computing and personal data processing: sorting-out legal requirements

For access to this article, please select a purchase option:

Buy chapter PDF
(plus tax if applicable)
Buy Knowledge Pack
10 chapters for $120.00
(plus taxes if applicable)

IET members benefit from discounts to all IET publications and free access to E&T Magazine. If you are an IET member, log in to your account and the discounts will automatically be applied.

Learn more about IET membership 

Recommend Title Publication to library

You must fill out fields marked with: *

Librarian details
Your details
Why are you recommending this title?
Select reason:
Data Security in Cloud Computing — Recommend this title to your library

Thank you

Your recommendation has been sent to your librarian.

Cloud computing facilitates and accelerates the collection and processing of (personal) data and the development of new services and applications. When data collection involves personal data, specific risks and challenges for privacy and data protection of the individuals arise. The interference with privacy and data protection necessitates the implementation of appropriate safeguards. Therefore, new impacts and risks need to be analysed and assessed. In the cloud computing context, privacy and data protection should not be inferior to the level of protection required in any other data processing context. Looking at the European legal framework, the EU has thorough legislation for the protection of personal data. The new General Data Protection Regulation introduces detailed provisions establishing obligations and new instruments, such as certification. In addition, the EU data protection legislation has what is often called an extra-territorial effect, which entails that under conditions is applicable to natural or legal persons not established in the EU jurisdiction. The extra-territorial effect of the EU data protection legislation makes the EU legislation relevant for service providers who are not established in the EU but are processing personal data of EU citizens. This chapter aims to provide an overview of the legal requirements applicable to cloud-based applications and data processing, drawing examples primarily from the EU legal framework. This overview can serve as an index of key obligations and responsibilities for cloud service providers and cloud clients, but also for further research purposes (i.e. comparative analysis with other legal frameworks).

Chapter Contents:

  • Abstract
  • Keywords
  • 10.1 Introduction: the emergence of cloud and the significance of a secure cloud
  • 10.2 Cloud computing and the extra-territorial effect of EU data protection law
  • 10.3 The EU legal framework on data protection
  • 10.3.1 The Data Protection Directive 95/46/EC
  • 10.3.2 The new General Data Protection Regulation
  • 10.4 Data controller, data processor and cloud computing actors: assigning roles and responsibilities
  • 10.4.1 Cloud client and cloud service provider
  • 10.4.2 Sub-contractors
  • 10.5 Duties and responsibilities of the cloud computing actors
  • 10.5.1 Compliance with the general personal data processing principles
  • Transparency
  • Purpose specification and limitation
  • Storage limitation
  • Responsibility and accountability in the cloud
  • 10.5.2 Technical and organisational measures of data protection and data security
  • Availability
  • Integrity
  • Confidentiality
  • Isolation
  • Intervenability
  • Portability
  • IT accountability
  • 10.5.3 Data protection impact assessments in cloud computing
  • 10.5.4 Audits and certifications
  • 10.6 Data flows and appropriate safeguards
  • 10.6.1 Adequacy decisions
  • 10.6.2 Alternative ways for data transfers by means of 'appropriate safeguards'
  • 10.7 Conclusions
  • References

Inspec keywords: law; sorting; cloud computing; data protection

Other keywords: EU data protection legislation; privacy protection; cloud computing; sorting-out legal requirements; European legal framework; data collection; personal data processing

Subjects: Legal aspects of computing; Information networks; Internet software; Data security

Preview this chapter:
Zoom in

Cloud computing and personal data processing: sorting-out legal requirements, Page 1 of 2

| /docserver/preview/fulltext/books/sc/pbse007e/PBSE007E_ch10-1.gif /docserver/preview/fulltext/books/sc/pbse007e/PBSE007E_ch10-2.gif

Related content

This is a required field
Please enter a valid email address