Implementing Privacy Policies in the Cloud

The provision of a cloud service must fulfil policies to comply with requirements coming from different sources. One of the main sources is the European Data Protection Directive that sets out legal obligations for the cloud adoption and provision. Cloud providers that rely on the use of additional cloud services need to make sure that the level of protection offered by these is adequate. Implementing privacy policies in the cloud requires taking into account the privacy related practices adopted by service providers even during the procurement phase. Moving towards a transparency-based service provision approach, additional information that cloud customers need to evaluate is evidence of compliance with privacy policies that CSPs are able to provide. This paper gives an overview of the processes entailed for the implementation of privacy policies.