TY - RPRT

T1 - Cloud Legal Guidelines

T2 - Data Security, Ownership Rights and Domestic Green Legislation

AU - Barnitzke, Benno

AU - Corrales Compagnucci, Marcelo

AU - Donoghue, Andrew

AU - Forgó, Nikolaus

AU - Lawrence, Andy

AU - Stoklas, Jonathan

PY - 2011

Y1 - 2011

N2 - Our aim is the one hand to ensure that no legal barriers are going to hinder the way of accomplishing the OPTIMIS project goals. On the other hand this report gives guidance about legal issues of cloud computing as such. In addition, we aim at providing a series of recommendations to the EU Commission concerning Data Protection and Data Security. In this Report, we focus on data protection and data security requirements, ownership of information and domestic green legislation. We follow a high level approach by assessing legal problems at European level in order to ensure compliance across the various jurisdictions of the Member States.Concerning data protection, we find that encryption as such does not render personal data anonymous. The same result applies to fragmentation of data in clouds in distributed file systems.In view of data security, we show that the requirements are not sufficiently harmonised by the Directive, which is a possible key inhibitor for the adoption of cloud computing in the EU. As a result, compliance solely with the Data Protection Directive is not enough in some Member States. In summary, the legal data security requirements of the Directive aim to ensure confidentiality, integrity, authenticity and availability of personal data.As regards ownership of information, we find that cloud computing has the ability to potentially create new information. This is why there should be a complete understanding of the different matters related to data ownership, in order to know who is entitled to claim such rights. It is therefore of utmost importance to clarify those issues, in particular the further exploitation of new “derived” data.Compliance with domestic green legislation is mandatory. In addition, there are many interest- ing European and non-European national initiatives and schemes which can be used as a tool to improve eco-efficiency, lower the consumption of energy and reduce CO2 emissions of data centres and other cloud computing-related technologies.In conclusion, OPTIMIS should implement appropriate data security measures according to particular recommendations given in this Report. Furthermore, it is important to clarify ownership rights of data between all the stakeholders. This is especially important regarding the fur- ther exploitation of the potentially new data created between Service Providers (SPs) and end users, as well as between any other third parties who might be involved. Compliance with green legislation and other green initiatives is a must especially where the establishments of those datacentres and other cloud computing-related technologies are located.

AB - Our aim is the one hand to ensure that no legal barriers are going to hinder the way of accomplishing the OPTIMIS project goals. On the other hand this report gives guidance about legal issues of cloud computing as such. In addition, we aim at providing a series of recommendations to the EU Commission concerning Data Protection and Data Security. In this Report, we focus on data protection and data security requirements, ownership of information and domestic green legislation. We follow a high level approach by assessing legal problems at European level in order to ensure compliance across the various jurisdictions of the Member States.Concerning data protection, we find that encryption as such does not render personal data anonymous. The same result applies to fragmentation of data in clouds in distributed file systems.In view of data security, we show that the requirements are not sufficiently harmonised by the Directive, which is a possible key inhibitor for the adoption of cloud computing in the EU. As a result, compliance solely with the Data Protection Directive is not enough in some Member States. In summary, the legal data security requirements of the Directive aim to ensure confidentiality, integrity, authenticity and availability of personal data.As regards ownership of information, we find that cloud computing has the ability to potentially create new information. This is why there should be a complete understanding of the different matters related to data ownership, in order to know who is entitled to claim such rights. It is therefore of utmost importance to clarify those issues, in particular the further exploitation of new “derived” data.Compliance with domestic green legislation is mandatory. In addition, there are many interest- ing European and non-European national initiatives and schemes which can be used as a tool to improve eco-efficiency, lower the consumption of energy and reduce CO2 emissions of data centres and other cloud computing-related technologies.In conclusion, OPTIMIS should implement appropriate data security measures according to particular recommendations given in this Report. Furthermore, it is important to clarify ownership rights of data between all the stakeholders. This is especially important regarding the fur- ther exploitation of the potentially new data created between Service Providers (SPs) and end users, as well as between any other third parties who might be involved. Compliance with green legislation and other green initiatives is a must especially where the establishments of those datacentres and other cloud computing-related technologies are located.

KW - Faculty of Law

KW - Data protection, data security, encryption, fragmentation, confidentiality, integrity, authenticity, availability, information security management, ownership rights, green legislation, carbon reduction commitment, trade secrets, data centre, carbon emissi

M3 - Report

BT - Cloud Legal Guidelines

PB - OPTIMIS project consortium - EU Funded Project within the Seventh Framework Program

ER -