Lib Dems: Gov must look at security of public data cloud
Keeping stuff outside UK could erode citizens' rights
The Liberal Democrat party has said that the government should investigate the potential for abuse of data owners' rights if private companies hosted public data outside the UK. The junior Coalition partner raised the issue in in its Policies for Information Technology paper.
"Cloud computing is an area where, if [it is] left unchecked, there is serious potential for abuse – for example, large corporations taking control of enormous quantities of public or private data outside the reach of national law," the paper (21-page/131KB PDF) said.
"Cloud is only attractive if it embodies the principles on privacy and data ownership, access, project management and procurement that we have set out elsewhere in this paper. We recommend that as a matter of urgency, the Government consider the security issues involved with cloud computing, particularly regarding data location and segregation," it said.
Cloud computing refers to the storage of files and programs on an internet-based network rather than on local computing resources. It allows internet users to access or store information without owning the software required to do so and many online companies, such as Google, operate huge servers that store the data and deliver it to users.
The Lib Dems said that the UK should work with other governments and international bodies to help establish a watchdog regime for cloud services. The party said it believed industry bodies were best placed to regulate content on the internet. It suggested that, where the organisations are not dealing with illegal material, their "processes" should be transparent and their operations overseen by the UK's communications regulator, Ofcom.
Earlier this year the European Commission held a consultation looking into the issue of cloud computing. The Commission appeared to be considering measures to help standardise terms and conditions for using cloud services. The consultation asked it if it would be "useful" to establish "model Service Level Agreements or End User Agreements" within contractual agreements for cloud services.
The consultation, which closed at the end of August, asked respondents to specify updates the Commission could apply to the EU Data Protection Directive "that could further facilitate cloud computing while preserving the level of protection". A Commission spokesperson told Out-Law.com earlier this week that new proposals for EU data protection laws would be announced within the next six months.
The Commission is expected to announce a European cloud computing strategy next year and aims to "clarify the legal conditions for the take-up of cloud computing in Europe, stimulate the development of a competitive European cloud industry and market, and facilitate the roll-out of innovative cloud computing services for citizens and businesses," it said in a statement in May.
Cloud computing providers often detail the jurisdiction in which data is held in contract terms, but a judge in the High Court last year ruled that a company is responsible for "making available" internet-hosted material in the country where its host server is based, not in the country where the material is read or used.
Copyright © 2011, OUT-LAW.com
OUT-LAW.COM is part of international law firm Pinsent Masons.