An individual may choose to give away or trade personal data in the cloud, but it should be an informed choice. One task of an effective regulator is to facilitate the education of consumers on the risks to privacy and to their personal data when using cloud services.
However, can policy-makers, regulators and business work together to promote cloud literacy?
What if an individual has knowingly provided personal data, and no longer expects the information to remain private? Should policy-makers step in to protect such personal data?
The chapter discusses cloud services and their economic and social benefits, current privacy and data protection regulation as applied to cloud services, and the effectiveness of current regulation and enforcement to preserve privacy.
The financial benefits that cloud services offer to governments, businesses, citizens and consumers must be balanced against the risks that such services may pose to an individual’s privacy or personal data.
Yet there is increasing confusion as to who has the duty to protect personal data.
Freely putting personal information in the cloud has perhaps desensitized individuals to the idea of private information.
Do consumers know how these data might be used or understand the possible risks to data security?
What is the intrinsic value of personal data, which are being referred to as “the new oil” from a commercial perspective? And should consumers have an economic right to benefit from trading these data?
To answer the questions of privacy and data protection that arise in the cloud, individual attitudes need to be explored and taken into account. After all, whose personal data are we trying to protect?
Currently, there is no universally binding privacy legislation covering all countries of the world.
Of the 89 countries that have adopted privacy or data protection laws, many regulate international data flows as a mechanism for protecting individual privacy and enforcing national policies.
Is the current patchwork of regulation fit for purpose in the cloud? The short answer is no.
National regulation with respect to privacy and data protection was established 20 to 30 years ago and did not foresee the advent of a global digital ecosystem. Existing regulations are now outdated.
For the full story on data protection in the cloud, please click on the link below.