A new Paper on Privacy in the Clouds, Revisited: An Analysis of the Privacy Policies of 40 Cloud Computing Services.
CCLS alumni and members of the Cloud Legal Project: Felicity Turton (Technology, Media and Telecommunication Law LLM, 2017), Dimitra Kamarinou (Commercial and Corporate Law LLM, 2010), Dave Michels (Researcher on the Cloud Legal Project) and Christopher Millard (CCLS Professor of Privacy and Information Law), have published a paper on Privacy in the Clouds, Revisited: An Analysis of the Privacy Policies of 40 Cloud Computing Services.
In this paper, they analyse the results of a detailed survey of the privacy policies, and data protection terms more broadly, of 40 major cloud computing services, including Amazon Web Services, Google Cloud, and Microsoft Azure. They review terms relating to controller and processor designations; purposes and legal bases for data processing; individuals’ rights of access, rectification, and erasure of personal data; the right to data portability; security and data breach notification; monitoring; transfers of personal data outside of the EEA; and appointment of a Data Protection Officer. Where relevant, they compare the results to those of previous surveys conducted in 2010, 2013, and 2015 to show how cloud privacy policies have developed over time, including changes that appear to have been made in response to the General Data Protection Regulation.
Read the full paper here
The Cloud Legal Project (CLP) undertakes research in complex areas of law and regulation that are essential to the successful development and use of cloud computing services. Find out more about CLP here.