Challenges to Personal Data Protection in Cloud Computing

Authors: Anne Cheung, R Leong, KP Chow, Rolf H. Weber

In: Journal of Law & Economic Regulation, Seoul National University, Center for Law & Public Utilities (울대학교, 공익산업법센터), 2013, v. 6 n. 1, p. 105-128.

Abstract: Although cloud computing technology is at its early stage, it has already transformed our ways of life and has ushered in a wave of new challenges to IT companies and law makers. With this technology, we can access information and be connected with others almost anywhere, any time with Internet connection at much lower cost. The business potential is huge with a forecast of more than US70 billion by 2015. Yet the challenges posed by cloud computing to personal data protection and security are also unprecedented. When our personal data is in remote servers, we may lose control easily, especially when so often, we do not know how, where, by whom our personal data is being processed, not to mention which jurisdictional law should apply. This article focuses on how personal data protection has evolved (1) in the sharing of roles and responsibilities between service providers and data users, with illustrations on the problems of security; and (2) in the particular context of transborder data flow. The meaning of cloud computing and its various deployment models, entailing different personal data concerns will also be explained. Fully aware that legal regulation cannot catch up with technological advancement, this article argues that a co-regulatory regime that requires and enables personal data protection, implementation and compensation at industry, corporate and individual levels is the way to move forward.