Cloud computing : the challenges to privacy

Abstract

The aim of this thesis is to provide for a better understanding of Cloud Computing, one of the latest technologies gaining popularity in recent years. In particular, in this thesis, Cloud Computing is looked at in comparison to the legal aspect of data protection and privacy, at EU level and locally. Data Protection is currently addressed, at EU level, by means of Directive 95/46/EC of the European Parliament and of the Council of 24 October 1995 on the protection of individuals with regard to the processing of personal data and on the free movement of such data (DPD). Locally, data protection is regulated by means of the Data Protection Act, Chapter 440 of the laws of Malta (DPA). The past months have seen the EU Commission issuing a new proposal for a Regulation with regard to the protection of individuals in relation to the processing of personal data and on the free movement of such data, and a proposal for a new Directive on the protection of individuals with regard to the processing of personal data by competent authorities for the purposes of prevention, investigation, detection or prosecution of criminal offences or the execution of criminal penalties, and the free movement of such data. A general introduction to Cloud Computing together with the existing service models shall be made. In particular, the relationship between the current data protection framework within the EU and within Malta, and Cloud Computing shall be put into perspective. Furthermore, the various proposals, as put forward by several stakeholders such as the UK's Information Commissioner's Office (ICO), to further facilitate the implementation of Cloud Computing technologies whilst upholding the right to privacy shall be discussed. All this will lead to the final crucial chapter which shall give a general overview of the European Commission's proposals mentioned hereabove, with specific focus on the proposals which will affect Cloud Computing service providers in one way or another. Finally, in the final sections of the last chapter, a critical analysis to the proposed Regulation shall be made, by examining the opinion of the stakeholders, such as Microsoft. Lastly the way these proposals may further be improved in terms of privacy, with the aim to further facilitate the emergence of Cloud Computing technologies shall be discussed.