Data protection and cloud computing: legal compliance risks

The last decade has seen a revolution in the way in which individuals and organisation interact. The rise of the internet, the explosion in the provision of online services, the development of Web 2.0 and the ability of individuals to self publish online has created significant challenges in the regulation and enforcement of Data Protection laws. The traditional idea of organisations holding personal data on large, fixed location, servers is changing as more information is uploaded into the Cloud. Cloud Computing frees personal data to be stored, transferred or shared with ever increasing ease anywhere in the world. However, this flexibility raises serious complications in the regulation and enforcement of Data Protection laws and in protecting the rights of individual data subjects. This paper will examine the data protection issues raised by Cloud Computing. It will ask whether the greater flexibility offered by the Cloud is sufficient to outweigh the potential prejudice to the privacy of individuals and will consider whether or not the Information Commissioner is in a position to effectively regulate this brave new world.