Privacy and consumer risks in cloud computing

https://doi.org/10.1016/j.clsr.2010.05.005Get rights and content

Abstract

While vaguely defined, and wide in scope, so-called ‘cloud computing’ has gained considerable attention in recent times. Put simply, it refers to an arrangement under which a user relies on another party to provide access to remote computers and software, whose whereabouts, including their jurisdictional location, are not known nor controllable by the user. In this article, we examine the privacy and consumer risks that are associated with cloud computing.

Introduction

Anyone with an interest in information technology would have found it virtually impossible to avoid coming across the term ‘cloud computing’ in recent times. While vague and wide in scope, there seems to be a consensus that the term cloud computing typically refers to a technical arrangement under which users store their data on remote servers under the control of other parties, and rely on software applications stored and perhaps executed elsewhere, rather than on their own computers. For this paper, we adopt the definition devised by the second author in an earlier paper:

Cloud computing refers to a service that satisfies all of the following conditions:1

  • The service is delivered over a telecommunications network;

  • Users rely on the service for access to and/or processing of data;

  • The data is under the legal control of the user;

  • Some of the resources on which the service depends are ‘virtualised’, which means that the user has no technical need to be aware which server running on which host is delivering the service, nor where the hosting device is located; and

  • The service is acquired under a relatively flexible contractual arrangement, at least as regards the quantum used.

While hailed as a new era, cloud computing has gained only a limit amount of attention from a legal regulatory perspective. Yet cloud computing is associated with a range of obvious privacy and consumer risks, such as risks relating to:

  • How data provided to a cloud computing operator will be used by that operator;

  • How such data will be disclosed by the cloud computing operator, and subsequently used by third parties;

  • The security of the data provided;

  • The legality (under the consumer’s local law) of using cloud computing products;

  • Disruptions of the cloud computing service;

  • Getting locked into a contractual arrangement that does not cater for the consumer’s future needs; and

  • Violating privacy laws by the use of cloud computing products.

In this paper, we discuss those, and related, risks.

Section snippets

Privacy risks

Cloud computing is associated with a range of severe and complex privacy issues. In this section, we discuss the privacy concerns that are associated with cloud computing and how different cloud computing structures give rise to different types of privacy concerns. It extends beyond mere compliance with data protection laws to encompass public expectations and policy issues that are not, or not yet, reflected in the law.

Several early privacy analyses have been published variously by a Privacy

Consumer risks

This section considers the risks to consumers that arise from the use of a cloud computing service. Drawing upon relevant parts of the normative template previously developed and applied by the authors,28

Concluding remarks

This article has highlighted that so-called cloud computing is associated with serious risks to privacy and consumer rights, and that current privacy law may struggle to address some of those risks. It has also highlighted that consumers using cloud computing products, like other cloud computing users, need to be cautious. The article should also have sent a warning that providers of cloud computing products would do well to familiarise themselves with applicable consumer protection and privacy

References (0)

Cited by (166)

  • Privacy conditions changes’ effects on users’ choices and service providers’ incomes

    2023, International Journal of Information Management Data Insights
View all citing articles on Scopus
View full text