Home > Awareness, Cybercrime, Data Protection, Facebook, Google, Identity theft, Internet, Privacy, Scams, Social Media > Cloud computing and the Internet part II

Cloud computing and the Internet part II

As announced on yesterday’s post “Cloud computing and the Internet part I, E-Crime Expert is posting the second part on cloud computing.

In addition to the methods in which Cloud computing is delivered, there are different types of the cloud computing which include: public cloud, hybrid cloud and private cloud.

Public cloud which is when a service provider offer services such as application usage, development or storage of data, to anyone on the Internet.

Hybrid cloud is when a business uses some applications in house and some provided by an external provider such as storage of data, etc.

Private cloud is when a provider offers cloud computing solutions, but on a private infrastructure network. A business does not want its employees files to be accessible for example on a public cloud and so it rents/buys a private cloud that no one else except that business has access to.

Besides the usefulness of cloud computing solutions, there are questions regarding how the Data Protection Directive applies to this situation? How the personal data of users is dealt with, stored, accessed, manipulated, and processed by the cloud-computing providers. A unique characteristic of cloud computing is that data is floating around from server to server located within the EU or also outside the EU for example to India, the US, etc. Part of someone’s data could be at the same time in the EU and India, on different servers.

There are some questions regarding cloud computing in Facebook’s. Facebook provides services to its clients such as: storage of information (e.g. pictures, videos, profiles, personal data, etc.), application access (e.g. Facebook Places or other applications where the user should agree with the access of that particular application to her personal data), or infrastructure for sending messages, invitations, updates, and posting comments which all deal with private information and data. Everything is done on the Facebook’s platform, which could host the users’ personal information on different servers inside or outside the EU.

The question is who has access to users’ personal data when uploaded and processed on Facebook? According to EU Data Protection Directive (DPD) the users have the right to know which personal data is stored and processed in regards at least to the online marketing advertisers that could be granted access to that data for advertising purposes, profiling, and delivery of targeted advertising. In addition, when a user delete her Facebook account, this operation is not done in real time, it has a delay and the account basically is not deleted but becomes inactive. For example, I ran a search under my name, and some entries showed pictures from my Facebook account that I deleted in the past. This shows that even if the users want to delete some information concerning his person, it would be still available on the Internet.  Furthermore, some entries generate pictures or names of my friends on Facebook by associating them with my Facebook account friends’ list.

In other words, even if a user asks for all of his personal data provided on Facebook to be removed, this most likely would not happen. Facebook claims that some users’ personal data would not be available to any other user on Facebook, but some personal information and data will be kept for technical reasons (such as to provide service to other users which are inter-connected with the account that was deleted).

Regarding the compliance with the EU DPD, it is not clear which rules and regulations could apply to cloud computing, as the cloud concept itself is “volatile” (continually changing). Cloud computing is subject to multiple jurisdictions as the information is moved from one server to another or is stored on different servers located in different geographical areas. Kumaraswany and Latif scholars asked: how does moving the private information to the cloud impact the current privacy compliance requirements?  Is information kept on the server, in the cloud or in a data center? These are questions that momentarily have no answer, at least in regards to how Facebook deals with, makes accessible, stores, and “floats” the users’ private data.

Who has the technical capabilities, jurisdiction and access to verify whether Facebook complies with these requirements?

For how long is the users’ personal data stored on its servers, cloud or in data centers?

According to the EU DPD, the user owns her personal data, but when this data is transferred and stored outside the EU, does the user still own her data?

How could a user enforce her right in this case?

If Facebook had provided the answers to these questions, there would be more transparency and less tensions regarding how users’ personal data is dealt with. The burden of proof regarding that the personal data is dealt with, stored, processed, and made available according to the EU DPD, falls on the provider’s shoulders, at least on an informal level when users are questioning more and more how their privacy is protected.

Any questions can be submitted to: dan@e-crimeexpert.com

Additional information can be found at: www.e-crimeexppert.com

Do you think that cloud computing is a threat to privacy? Do you think that cloud computing is “out” of jurisdiction?

Hit the “subscribe” button in order to be notified when new videos and Articles are posted on this blog.

  1. No comments yet.
  1. October 14, 2011 at 05:20

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s

%d bloggers like this: