Evaluation of legal data protection requirements in cloud services in the context of contractual relations with end-users

Darius Štitilis, Aušra Malinauskaitė

Research output: Contribution to journalArticle

Abstract

Purpose – to analyse the compliance with basic principles of data protection in selected consumer oriented cloud services contracts, and also to highlight the adequate level of data protection in the mentioned contracts, evaluating existing data protection directive 95/46/EC, also proposed General data protection regulation. Design/methodology/approach – various survey methods have been used in the work integrated. Documental analysis method has been used in analysis of scientific literature, legal acts and other documents, where aspects of legal data protection requirements have been included. Legal documents analysis method together with logical-analytic method has been used in analysing Directive 95/46/EU, Proposal for a regulation of the European Parliament and of the Council and jurisprudence of the European Court of Human Rights. Comparative method has been applied for revealing difference between particular cloud services contracts and also comparing the compliance of cloud services contracts to requirements of basic European data protection principles, established in the international documents.
Findings – from the brief analysis of selected consumer oriented cloud service providers, it may be implied that more or less all the legal principles, established in the legal acts, are reflected in the privacy policies and/or service agreements. However, it shall be noted that there is a big difference in wording of the analysed documents. Regarding other principles, all examined cloud service providers do not have indemnification provisions regarding unlawful use of personal data. Research limitations/implications – the concept of the contract was presented in a broad sense, including the privacy policies and/or terms and conditions of the service providers. In accordance with the content of the principles, the authors grouped data protection principles, applied in cloud services into fundamental and recommendatory. Practical implications – the research results will be helpful for cloud service providers, dealing with personal data of data subjects (natural persons). Originality/value – the mentioned research of cloud provider contracts examined 4 sets of standard terms and conditions of cloud service providers targeting individual consumers. The following personal data protection principles were evaluated: transparency, purpose specification and limitation, erasure of data, confidentiality, availability, integrity, indemnification.
Original languageEnglish
Pages (from-to)390-414
JournalSocialinės technologijos: mokslo darbai
Volume3
Issue number2
DOIs
Publication statusPublished - 2013

Fingerprint

data protection
service provider
evaluation
personal data
privacy
regulation
document analysis
European Parliament
technical literature
jurisprudence
research results
European Community
transparency
integrity
human rights
EU
human being
methodology

Keywords

  • Privacy and data protection
  • Cloud services
  • Compliance principles

Cite this

@article{8826cb547f28440d8ed3d034f4c75b29,
title = "Evaluation of legal data protection requirements in cloud services in the context of contractual relations with end-users",
abstract = "Purpose – to analyse the compliance with basic principles of data protection in selected consumer oriented cloud services contracts, and also to highlight the adequate level of data protection in the mentioned contracts, evaluating existing data protection directive 95/46/EC, also proposed General data protection regulation. Design/methodology/approach – various survey methods have been used in the work integrated. Documental analysis method has been used in analysis of scientific literature, legal acts and other documents, where aspects of legal data protection requirements have been included. Legal documents analysis method together with logical-analytic method has been used in analysing Directive 95/46/EU, Proposal for a regulation of the European Parliament and of the Council and jurisprudence of the European Court of Human Rights. Comparative method has been applied for revealing difference between particular cloud services contracts and also comparing the compliance of cloud services contracts to requirements of basic European data protection principles, established in the international documents. Findings – from the brief analysis of selected consumer oriented cloud service providers, it may be implied that more or less all the legal principles, established in the legal acts, are reflected in the privacy policies and/or service agreements. However, it shall be noted that there is a big difference in wording of the analysed documents. Regarding other principles, all examined cloud service providers do not have indemnification provisions regarding unlawful use of personal data. Research limitations/implications – the concept of the contract was presented in a broad sense, including the privacy policies and/or terms and conditions of the service providers. In accordance with the content of the principles, the authors grouped data protection principles, applied in cloud services into fundamental and recommendatory. Practical implications – the research results will be helpful for cloud service providers, dealing with personal data of data subjects (natural persons). Originality/value – the mentioned research of cloud provider contracts examined 4 sets of standard terms and conditions of cloud service providers targeting individual consumers. The following personal data protection principles were evaluated: transparency, purpose specification and limitation, erasure of data, confidentiality, availability, integrity, indemnification.",
keywords = "Privacy and data protection, Cloud services, Compliance principles",
author = "Darius Štitilis and Aušra Malinauskaitė",
year = "2013",
doi = "10.13165/ST-13-3-2-11",
language = "English",
volume = "3",
pages = "390--414",
journal = "Socialinės technologijos: mokslo darbai",
issn = "2029-7564",
publisher = "Mykolas Romeris University",
number = "2",

}

TY - JOUR

T1 - Evaluation of legal data protection requirements in cloud services in the context of contractual relations with end-users

AU - Štitilis, Darius

AU - Malinauskaitė, Aušra

PY - 2013

Y1 - 2013

N2 - Purpose – to analyse the compliance with basic principles of data protection in selected consumer oriented cloud services contracts, and also to highlight the adequate level of data protection in the mentioned contracts, evaluating existing data protection directive 95/46/EC, also proposed General data protection regulation. Design/methodology/approach – various survey methods have been used in the work integrated. Documental analysis method has been used in analysis of scientific literature, legal acts and other documents, where aspects of legal data protection requirements have been included. Legal documents analysis method together with logical-analytic method has been used in analysing Directive 95/46/EU, Proposal for a regulation of the European Parliament and of the Council and jurisprudence of the European Court of Human Rights. Comparative method has been applied for revealing difference between particular cloud services contracts and also comparing the compliance of cloud services contracts to requirements of basic European data protection principles, established in the international documents. Findings – from the brief analysis of selected consumer oriented cloud service providers, it may be implied that more or less all the legal principles, established in the legal acts, are reflected in the privacy policies and/or service agreements. However, it shall be noted that there is a big difference in wording of the analysed documents. Regarding other principles, all examined cloud service providers do not have indemnification provisions regarding unlawful use of personal data. Research limitations/implications – the concept of the contract was presented in a broad sense, including the privacy policies and/or terms and conditions of the service providers. In accordance with the content of the principles, the authors grouped data protection principles, applied in cloud services into fundamental and recommendatory. Practical implications – the research results will be helpful for cloud service providers, dealing with personal data of data subjects (natural persons). Originality/value – the mentioned research of cloud provider contracts examined 4 sets of standard terms and conditions of cloud service providers targeting individual consumers. The following personal data protection principles were evaluated: transparency, purpose specification and limitation, erasure of data, confidentiality, availability, integrity, indemnification.

AB - Purpose – to analyse the compliance with basic principles of data protection in selected consumer oriented cloud services contracts, and also to highlight the adequate level of data protection in the mentioned contracts, evaluating existing data protection directive 95/46/EC, also proposed General data protection regulation. Design/methodology/approach – various survey methods have been used in the work integrated. Documental analysis method has been used in analysis of scientific literature, legal acts and other documents, where aspects of legal data protection requirements have been included. Legal documents analysis method together with logical-analytic method has been used in analysing Directive 95/46/EU, Proposal for a regulation of the European Parliament and of the Council and jurisprudence of the European Court of Human Rights. Comparative method has been applied for revealing difference between particular cloud services contracts and also comparing the compliance of cloud services contracts to requirements of basic European data protection principles, established in the international documents. Findings – from the brief analysis of selected consumer oriented cloud service providers, it may be implied that more or less all the legal principles, established in the legal acts, are reflected in the privacy policies and/or service agreements. However, it shall be noted that there is a big difference in wording of the analysed documents. Regarding other principles, all examined cloud service providers do not have indemnification provisions regarding unlawful use of personal data. Research limitations/implications – the concept of the contract was presented in a broad sense, including the privacy policies and/or terms and conditions of the service providers. In accordance with the content of the principles, the authors grouped data protection principles, applied in cloud services into fundamental and recommendatory. Practical implications – the research results will be helpful for cloud service providers, dealing with personal data of data subjects (natural persons). Originality/value – the mentioned research of cloud provider contracts examined 4 sets of standard terms and conditions of cloud service providers targeting individual consumers. The following personal data protection principles were evaluated: transparency, purpose specification and limitation, erasure of data, confidentiality, availability, integrity, indemnification.

KW - Privacy and data protection

KW - Cloud services

KW - Compliance principles

U2 - 10.13165/ST-13-3-2-11

DO - 10.13165/ST-13-3-2-11

M3 - Article

VL - 3

SP - 390

EP - 414

JO - Socialinės technologijos: mokslo darbai

JF - Socialinės technologijos: mokslo darbai

SN - 2029-7564

IS - 2

ER -