Regulatory Impact of Data Protection and Privacy in the Cloud

Abstract. The use of cloud computing services has developed into a new method for deploying software and services and hosting data. The model has provided enormous social and economic benefits but at the same time it has also created potential privacy and security challenges for businesses, individuals and the governments. For example, the use of shared compute environment, data storage and access via internet has made information vulnerable to misuse, and thus, has made privacy a major concern for organisations adopting cloud services for storage and computation purpose. Generally, each country maintains their own laws and regulations to prevent frauds and protect their citizens from harm, including the potential dangers of data privacy, essential when internet and related technologies are involved. The European Union, for example, follows the overarching governmental regulations while the United States prefers the Sectoral Approach to Data Protection legislation, which relies on the combination of legislation, regulation and self regulation. This report discusses data protection issues related to cloud computing and identifies privacy laws enforced in the EU that can be applied to this model. Moreover, it also provides recommendations that cloud service providers can consider to implement in order to provide enhancements to their services and to demonstrate that they have taken all necessary measures to comply with the data protection principals in place.