Privacy and Legal Issues in Cloud Computing

Privacy and Legal Issues in Cloud Computing

Elgar Law, Technology and Society series

Edited by Anne S.Y. Cheung and Rolf H. Weber

Adopting a multi-disciplinary and comparative approach, this book focuses on emerging and innovative attempts to tackle privacy and legal issues in cloud computing, such as personal data privacy, security and intellectual property protection. Leading international academics and practitioners in the fields of law and computer science examine the specific legal implications of cloud computing pertaining to jurisdiction, biomedical practice and information ownership. This collection offers original and critical responses to the rising challenges posed by cloud computing.

Chapter 5: Cross-border data flow in the cloud between the EU and the US

Dominic N. Staiger

Subjects: asian studies, asian law, law - academic, information and media law, intellectual property law, internet and technology law, law and society, regulation and governance, politics and public policy, public policy, regulation and governance


The flow of data across borders, in particular that of personal data, from the European Union (EU) to the US poses significant challenges for cloud providers as well as their European business clients. Critical but unresolved issues include agreeing on standards for the required data protection which must be observed in relation to the identifiability of personal data, as well as the contractual rights granted to the cloud provider and its customers under various Terms of Service (ToS). Furthermore the necessary level of control and the accompanying degree of responsibility under European data protection laws also warrant a closer analysis in the context of cloud computing. Due to the vast technological changes over the last two decades, laws relating to data protection have had to be constantly adapted to technological advancements in order for their regulatory purpose to be achieved. Unfortunately any enactment or amendment of law requires a significant period of time. For instance, the Data Protection Directive (DPD) was enacted in the mid-1990s to address concerns raised by personal data transfers to countries outside the EU. At the time the DPD was passed, cloud computing did not exist and the main application of the legislation focused on simple point to point transfers from a European sender to a foreign recipient. By the early 21st century, the situation had changed completely. Now, not only has the potential of cloud computing been recognized, the challenges it poses have urged a new legal response (please see the discussion in Chapter 4).

You are not authenticated to view the full text of this chapter or article.

Elgaronline requires a subscription or purchase to access the full text of books or journals. Please login through your library system or with your personal username and password on the homepage.

Non-subscribers can freely search the site, view abstracts/ extracts and download selected front matter and introductory chapters for personal use.

Your library may not have purchased all subject areas. If you are authenticated and think you should have access to this title, please contact your librarian.

Further information