Data Protection and Data Security Issues Related to Cloud Computing in the EU

Abstract

We are in the midst of a revolution within computing. It goes under the name of cloud computing. Analysts estimate that in 2012, the size of the enterprise cloud-computing business may reach $60 billion to $80 billion – or about 10% of the global IT-service and enterprise-software market [DeSa09]. Such inevitable revolution brings about a lot of benefits but also several legal concerns. It has emerged from a recent study that security, privacy and legal matters represent the main obstacles that are encountered when implementing cloud computing, because the market provides only marginal assurance. This paper briefly describes the main legal issues related to cloud computing and then focuses on data protection and data security, which are by far the biggest concerns for both cloud service providers (CSPs) and (potential) customers. I build on the work done last year as contributor to the European Networks and Information Security Agency (ENISA) ‘Cloud Computing Risk Assessment’ to further analyse data protection and data security issues. It is worth clarifying that the present paper analyses cloud computing services offered by CSPs to businesses (as opposed to consumers), i.e., B2B cloud computing.