In basic terms cloud storage is a way to save information to the web. In legal terms that simple proposition carries a complex web of rights, responsibilities and obligations, particularly for business users.
By using the cloud you are able to access your files from any computer in the world providing that you have an internet connection. If you use services such as Google Docs, Yahoo Mail, Facebook or iCloud then you are already using the cloud.
Cloud storage services are online services that supposedly store your information safely and securely. In many cases they offer a quicker and easier way to back up files than conventional methods.
However, there is a perception that significant risks arise from cloud storage in relation to data protection, safe data storage and access which has led to considerable legal complexity in this area.
Data Protection and Cloud Storage
Cloud storage raises a number of thought-provoking issues.
Data protection laws are founded on the presupposition that it is understood where personal data is located, who it is that is processing it and who is responsible for the data processing itself. Cloud services appear to profoundly conflict with this, especially when end users are businesses that collect data and then upload it to cloud based services provided by third parties.
If you use an e-mail service based on the cloud; your data can be stored anywhere your cloud service provider chooses for reasons of storage capacity and efficiency. Individuals using cloud services directly must therefore be comfortable with their choice of provider taking this into account. Businesses using a provider to store information about their employees or customers have an additional responsibility to make sure that the provider does not jeopardise their compliance responsibilities or their stakeholder relationships.
In wake of the Prism revelations in the summer of 2013; over 9% of organisations that use cloud services have changed their supplier. Documents revealed that the US National Security Agency used Prism to access data stored by major technology companies and then shared it with UK security services.
Demand for Amending Data Protection Laws
According to a survey of 250 senior IT and business decision makers by the Cloud Industry Forum (CFT), 88% of organisations have concerns about storing data on the cloud. Therefore, there is a demand that statutory provisions regarding data protection be adjusted in the near future.
Recently there have been incidents regarding the iCloud nude leaks which affected over 100 celebrities. Over 100 individual iCloud accounts were hacked and the private files and photos stored were leaked and their passwords stolen. This brought mainstream attention to the issue.
In answer to the question “do you trust cloud sharing websites with your personal data?” 74% of people who voted said no. In addition there were recent privacy concerns when individuals were automatically presented with the band U2’s latest music upon updating their Apple iCloud service.
Given the globalised environment in which the cloud operates, radical legal proposals have been mooted to deal with the myriad of complex legal issues that are evolving. A legal position that assigns ownership and responsibility for the safeguarding of individual data to that individual user is one example. However, this is highly unlikely in the short term.
Therefore, as long as no special data protection provisions apply to cloud computing, businesses using cloud service providers have little choice but to safeguard their legal responsibility to protect data by means of detailed agreements with cloud computing service providers.
For specialist advice regarding cloud services contracts and data protection contact Peter Gourri today by email PGourri@rollingsons.co.uk or telephone 0207 611 4848.