Privacy and consumer risks in cloud computing
Introduction
Anyone with an interest in information technology would have found it virtually impossible to avoid coming across the term ‘cloud computing’ in recent times. While vague and wide in scope, there seems to be a consensus that the term cloud computing typically refers to a technical arrangement under which users store their data on remote servers under the control of other parties, and rely on software applications stored and perhaps executed elsewhere, rather than on their own computers. For this paper, we adopt the definition devised by the second author in an earlier paper:
Cloud computing refers to a service that satisfies all of the following conditions:1
- ●
The service is delivered over a telecommunications network;
- ●
Users rely on the service for access to and/or processing of data;
- ●
The data is under the legal control of the user;
- ●
Some of the resources on which the service depends are ‘virtualised’, which means that the user has no technical need to be aware which server running on which host is delivering the service, nor where the hosting device is located; and
- ●
The service is acquired under a relatively flexible contractual arrangement, at least as regards the quantum used.
While hailed as a new era, cloud computing has gained only a limit amount of attention from a legal regulatory perspective. Yet cloud computing is associated with a range of obvious privacy and consumer risks, such as risks relating to:
- ●
How data provided to a cloud computing operator will be used by that operator;
- ●
How such data will be disclosed by the cloud computing operator, and subsequently used by third parties;
- ●
The security of the data provided;
- ●
The legality (under the consumer’s local law) of using cloud computing products;
- ●
Disruptions of the cloud computing service;
- ●
Getting locked into a contractual arrangement that does not cater for the consumer’s future needs; and
- ●
Violating privacy laws by the use of cloud computing products.
In this paper, we discuss those, and related, risks.
Section snippets
Privacy risks
Cloud computing is associated with a range of severe and complex privacy issues. In this section, we discuss the privacy concerns that are associated with cloud computing and how different cloud computing structures give rise to different types of privacy concerns. It extends beyond mere compliance with data protection laws to encompass public expectations and policy issues that are not, or not yet, reflected in the law.
Several early privacy analyses have been published variously by a Privacy
Consumer risks
This section considers the risks to consumers that arise from the use of a cloud computing service. Drawing upon relevant parts of the normative template previously developed and applied by the authors,28
Concluding remarks
This article has highlighted that so-called cloud computing is associated with serious risks to privacy and consumer rights, and that current privacy law may struggle to address some of those risks. It has also highlighted that consumers using cloud computing products, like other cloud computing users, need to be cautious. The article should also have sent a warning that providers of cloud computing products would do well to familiarise themselves with applicable consumer protection and privacy
References (0)
Cited by (166)
Privacy conditions changes’ effects on users’ choices and service providers’ incomes
2023, International Journal of Information Management Data InsightsEthical issues in the application of new and emergent technologies of marketing
2022, Journal of Business ResearchPost hoc security and privacy concerns in mobile apps: the moderating roles of mobile apps’ features and providers
2024, Information and Computer SecurityBeyond Innovation: Assessing the Risk Terrain of Industry 5.0 Technologies
2023, Research SquareReview on the application of cloud computing in the sports industry
2023, Journal of Cloud Computing