• Home
  • Blog
  • Top privacy issues for cloud computing

Top privacy issues for cloud computing

Cloud Privacy

Cloud computing refers to the underlying infrastructure for a model of service provision that has the advantage of reducing cost by sharing computing and storage resources, combined with an on-demand provisioning mechanism relying on a pay-per-use business model.

These new features have a direct impact on information technology (IT) budgeting but also affect traditional security, trust and privacy mechanisms.

The advantages of cloud computing—its ability to scale rapidly, store data remotely and share services in a dynamic environment— can become disadvantages in maintaining a level of assurance sufficient to sustain confidence in potential customers.

Some core traditional mechanisms for addressing privacy (such as model contracts) are no longer flexible or dynamic enough, so new approaches need to be developed to fit this new paradigm.

Current cloud services pose an inherent challenge to data privacy because they can result in data being exposed in an unencrypted form on a machine owned and operated by a different organization from the data owner.

The major privacy issues relate to trust (e.g. whether there is unauthorized secondary usage of personally identifiable information), uncertainty (ensuring that data has been properly destroyed, who controls retention of data, how to know that privacy breaches have occurred and how to determine fault in such cases) and compliance (in environments with data proliferation and global, dynamic flows and addressing the difficulty in complying with transborder data flow requirements).

Below are a number of aspects that illustrate best these privacy issues:

  • Lack of User Control - As soon as a SaaS environment is used, the service provider becomes responsible for storage of data, in a way in which visibility and control is limited. So how can a consumer retain control over their data when it is stored and processed in the cloud?
  • Lack of Training and Expertise - People may lack understanding about the privacy impact of decisions they make. Unless proper management procedures are in place, there is a danger that employees could switch to using cloud computing services without adequately considering the consequences and risks for that particular situation.
  • Unauthorized Secondary Usage - There is a risk that data stored or processed in the cloud may be put to unauthorized uses. It is part of the standard business model of some cloud service providers (“CSP”) that the service provider may gain revenue from authorized secondary uses of users' data, most commonly the targeting of advertisements.
  • Complexity of Regulatory Compliance - Due to the global nature of cloud computing and the many legislations in place around the world, it can be complex and difficult to ensure compliance with all the legislation that may apply in a given case.
  • Addressing Transborder Data Flow Restrictions - Privacy and data protection regulations restrict transfer of personal information across national borders, which includes restricting both the physical transfer of data and remote access to the data.
  • Litigation - Another aspect is litigation: a CSP may be forced to hand over data stored in the cloud. A government only needs to show the requested material is relevant to the case for a subpoena, whereas for a warrant, probable cause must be demonstrated.
  • Legal Uncertainty - Legal frameworks have been instrumental and key to the protection of users' personal and sensitive information. The dynamically changing nature of cloud computing, potentially combined with cross-jurisdictional interactions, introduces legal aspects that need to be carefully considered when processing data.

Cloud computing offers significant challenges for organizations that need to meet various global privacy regulations, including the complexity of existing global legislation necessitating legal advice.

Cloud faces the same privacy issues as other service delivery models, but it can also magnify existing issues, especially transborder data flow restrictions, liability and the difficulty in knowing the geographic location of processing and which specific servers or storage devices will be used. In addition, care must be taken to delete data and virtual storage devices, especially with regard to device reuse.

Get in touch

Our team will be glad to help you anytime with general
or technical questions.