In this paper, we analyse the results of a detailed survey of the privacy policies, and data protection terms more broadly, of 40 major cloud computing services, including Amazon Web Services, Google Cloud, and Microsoft Azure. We review terms relating to controller and processor designations;...

In this paper, we report the results of a detailed survey of the standard contracts for 40 major cloud computing services, including Amazon Web Services, Google Cloud, and Microsoft Azure. We cover a broad range of contractual issues, including clauses dealing with choice of law, termination,...

Effective protection of individuals under the EU’s General Data Protection Regulation (‘GDPR’) depends mainly on the ‘accountability’ of one or more persons, usually organizations, for ensuring compliance with relevant obligations. As we will see, identifying the ‘controllers’,...

By regulating how firms collect, store, and use data, privacy laws may change the role of data in production and alter firm demand for information technology inputs. We study how firms respond to privacy laws in the context of the EU's General Data Protection Regulation (GDPR) by using seven...

The lack of clarity and harmonisation across European Economic Area (EEA) Member States of the data export rules under the European Union (‘EU’) Data Protection Directive gives rise to significant uncertainties relating to the use of cloud computing. The concepts of transfer and data...

Where data centres located in the European Economic Area ('EEA') are utilised for cloud computing services, the customers, and in some circumstances even cloud service providers, could become subject to the EU Data Protection Directive on the basis that the data centre may be an...

In part one of this series, we considered what information is regulated as 'personal data' in the cloud. In this part two, we develop further the argument made in part one that it is not appropriate for infrastructure cloud providers, many of which are based outside Europe, to become subject...

This paper looks at cybersecurity and the protection of critical national infrastructure, as an area of systemic risk to society. In particular, it looks at the obligations and potential penalties which apply to cloud providers under the regulatory framework established by the EU’s Network and...

Cloud computing adoption by organizations has been minor despite the initial optimism. The primary concerns obstructing adoption of cloud-based services are security, loss of control, and inadequate legislative. In a cloud-based model, information technology services are distributed and accessed...

Adoption of cloud-based systems has been relatively modest—regardless of significant marketing push by major public cloud providers. The cloud-based model utilizes distributed information technology services accessible over networks. The networks can be internal part of...