Privacy in Cloud Computing : Applicability of Data Protection Law

Privacy in Cloud Computing includes the applicable laws for personal data. The data protection law is only applicable to personal data. The applicable laws for maintain the Privacy in Cloud Computing only comes into play precisely when such data is to be stored or processed within the cloud. The applicable data protection law is bound locally. Therefore, in normal as in the case of Privacy Policy, are examined in which spatial data may be sent and which not. In the previous article, named Privacy in Cloud Computing, we gave an elementary introduction for the more complex topics evolving the newest concern Privacy in Cloud Computing.

Privacy in Cloud Computing : Regional Laws

Within the EU:

EU Member States form a single market and a common legal space. This means that jointly the EU decisions are immediately transferred to local law of the Member States. In short, what is decided at the EU level, can also be found in the relevant law of a Member State. This ensures that one can speak of an uniform data protection law. Therefore, it is not surprising that in the EU data protection directives, it will be decided that the cross-border traffic within the EU must not present any obstacle.
Appropriate regulations can also be found in the Federal Data Protection Act. The community law, therefore prevents breech of Privacy in Cloud Computing to some extent. However, this is not applicable to the foreign companies that rise through a branch within the EU member states, since they are not bound by the Federal Privacy Act and thus the protection of sensitive data is not guaranteed.

Outside the EU:

Here, there is no difference to the normal case of data protection. It must therefore be ensured that the EU’s data protection guidelines are followed by additional agreements.

Requirements for a company:

Since the data protection legislation must therefore be applied in any case, companies have to bend to this and also should provide enough cloud computing privacy to ensure that these provisions are enforceable. In this case, that means concrete terms that must be dealt with access control, access and authorization controls.

Privacy in Cloud Computing : Contracts

Cloud providers provide the customers a variety of IT systems and / or IT infrastructure. Depending on the service rendered (providing web or file space, databases, applications, hosting services, etc.) These can be represented legally based on a business, rental or service agreement. The contract is not unique due to the fact that the legal contract terms of cloud contracts is not yet clearly established, till date.
From a technical point of view, it is basically commissioned data processing. The obligation to ensure the confidentiality and integrity of the data is still the principal. The cloud provider and its only auxiliary and support functions according to the specifications of the client is able to fulfill the obligations. Ideally, the service providers should not notice the actual, substantive data processing – that is what is an ideal privacy in cloud computing.
Comprehensive full transparency regarding the conditions of the executed services (processes of the cloud provider, security concept of the cloud provider, etc.) is thus the decisive argument for the client in the selection of a suitable partner in order to be able to fulfill the legal obligations.

When choosing a cloud provider, the client needs to consider, with whom and how many providers they want to enter into a direct contractual relationship. It is important to differentiate normally between the following situations:

Respect of desired services from a provider:

Between supplier and customer, a conventional bilateral contractual relationship is based on a service contract to the form using agreed SLAs (Service Level Agreement) is entered.

Respect of desired services from multiple providers through the use of a general contractor model:

The customer enters into a service contract with a contractor (general contractor), which in turn makes use of subcontractors to provide the agreed services. For the customer, this model provides the most convenient but also most expensive way to take IT services from different providers. There is a direct contact person, a so-called SPOC (Single Point of Contact), who mitigates the administrative burden.
In order to continue to fulfill the legal obligations (e.g. ensuring the confidentiality and integrity of data), the customer must be able to grant the appropriate rights to intervene in the subcontractors.

Respect of desired services from multiple providers through the use of a multi-vendor strategy:

A cheaper alternative is the multi-vendor strategy from different cloud providers services. Since no SPOC is available to coordinate all other participating provider, this Administrative expenses must be met by the customer himself/herself. A guarantee for the compatibility of the individual services is large.

Generally, however, the content of the contractual service should be taken to the follow the following points :

1. Detailed description of the service provided and the associated quality requirements
2. Clarification of the rights of use of licenses with SaaS.
3. SLA:
4. accurate service description (what performance is to be rendered as)
   Response times
   Recovery time
   Quality of Service
   Sanctions in the form of penalties (so-called penalties)
   Availability
5. Assurance of service provision to safeguard by regulations :
   Confidentiality
   Integrity
   Authenticity
   Availability
   Liability of data and other information

In the event of termination of the contractual relationship between client and provider contractual agreements regarding back-sorcing strategies as well as how to deal with the data sets should also be taken in to consideration.

Privacy in Cloud Computing : Further Reading

Readers can perform a search on this website for any matter related to Cloud Computing. However, here are some recommended articles related to Privacy in Cloud Computing.