Data Privacy and Trust in Cloud Computing

Trust is regularly cited as one the main barriers for increased adoption of cloud computing, however conceptualisations of trust in cloud computing literature can be simplistic. This chapter briefly introduces the trust literature including definitions and antecedents of trust. Following an overview of cloud computing, we discuss some of the cited barriers to trust in cloud computing, and proposed mechanisms for building trust in the cloud. We present a high-level framework for exploring assurance (trust building) and accountability (trust repair) in the cloud and call for a more integrated multi-stakeholder approach to trust research in this multi-faceted context.

Cloud computing is the dominant paradigm in modern computing, used by billions of Internet users worldwide. It is a market dominated by a small number of hyperscale cloud service providers. The overwhelming majority of cloud customers agree to standard form click-wrap contracts, with no opportunity to negotiate specific terms and conditions. Few cloud customers read the contracts that they agree to. It is clear that contracts in cloud computing are primarily an instrument of control benefiting one side, the cloud service provider. This chapter provides an introduction to the relationship between psychological trust, contracts and contract law. It also offers an overview of the key contract law issues that arise in cloud computing and introduces some emerging paradigms in cloud computing and contracts.

Borderless cloud computing technologies are exacerbating tensions between European and other existing regulatory models for data privacy. On the one hand, in the European Union (EU), a series of data localisation initiatives are emerging with the objective of preserving Europe’s digital sovereignty, guaranteeing the respect of EU fundamental rights and preventing foreign law enforcement and intelligence agencies from accessing personal data. On the other hand, foreign countries are unilaterally adopting legislation requiring national corporations to disclose data stored in Europe, in this way bypassing jurisdictional boundaries grounded on physical data location. The chapter investigates this twofold dynamic by focusing particularly on the current friction between the EU data protection approach and the data privacy model of the United States (US) in the field of cloud computing.

The recent increase in highly publicised cloud breaches, coupled with issues surrounding transparency and control in the cloud, highlights the importance of understanding and addressing privacy in this context. The extant cloud privacy literature has a tendency to focus on technical solutions to address security and privacy together, but a small emerging body of literature acknowledges the importance of consumers’ privacy perceptions in the context of cloud computing. Given the breadth of cloud applications and the situational nature of privacy, it is imperative to unpack the role of privacy in this complex domain. This chapter leverages the broader privacy literature in the Information Systems field to identify potential measures to enhance consumer privacy in the cloud context and highlights a number of paths for research to further our knowledge of consumer privacy perceptions in the various cloud contexts.

The continued rise in frequency and magnitude of cloud-based privacy breaches brings to the fore the challenges experienced by cloud service providers (CSPs) in balancing the need to maximize profit with the need to maintain data privacy. With a backdrop of the ineffectiveness of regulatory approaches to protecting privacy, this chapter explores privacy from a non-regulatory perspective—instead exploring a CSP’s approach to privacy as dynamics of control and justice. We apply control theory to represent the CSP’s compliance with privacy legislation and power over data, and we apply justice theory to represent the CSP exceeding compliance. Control theories, such as social contract theory, have frequently been applied to explore privacy challenges between organizations and consumers, as too have justice theories e.g. procedural and distributive justice. However, few studies have combined these theoretical concepts to provide a balanced view of these tensions in the cloud computing landscape. Integrating concepts from these theories, we construct a framework that can help to explain and position a CSP’s privacy orientation. Four key privacy orientations emerge in our framework, namely: Risk Managers, Integrators, Citizens and Warriors. We discuss the implications of each privacy orientation for CSPs. Our framework will enable future research to further understand, explore and compare the impact and effectiveness of each privacy orientation.

While the benefits of cloud computing are widely acknowledged, it raises a range of ethical concerns. The extant cloud computing literature reports specific ethical perspectives on focussed topics in this domain, but does not explicitly refer to a specific ethical conception or reference point. This chapter provides an overview of ethics and ethical theories, which can be used to analyse the use of cloud technology and the complex multi-stakeholder structure of the industry. It is critical that cloud providers and users recognise that they effectively shape the morality of the cloud computing context through their interactions with other providers and users, and with the platform itself. Both stakeholder sets must be accountable for the possibilities offered by the technology. While pertinent regulation is continuously evolving, it is unlikely to advance at a similar rapid pace to that of innovation in the cloud computing industry. It is therefore essential that ethics is carefully considered to orient cloud computing towards the good of society.

Trustworthy cloud computing has been a central tenet of the European Union cloud strategy for nearly a decade. This chapter discusses the origins of trustworthy computing and specifically how the goals of trustworthy computing—security and privacy, reliability, and business integrity—are represented in computer science research. We call for further inter- and multi-disciplinary research on trustworthy cloud computing that reflect a more holistic view of trust.