Barcelona, Spain, 9-11 December 2015 | ITU Kaleidoscope 2015 - Trust in the Information Society
1
ITU Kaleidoscope 2015 - Trust in the Information Society
Barcelona, Spain
9-11 December 2015
Regulation and Standardization of Data Protection in Cloud Computing
Martin G. Löhe and Knut Blind
Technische Universität Berlin, Faculty of Economics and Management, Chair of Innovation [email protected]
2
The Importance of Data
Fig. 1: Kondratiev waves or supercycles in the economy [1; cp. 2].
[Image labels: oil; data (“new oil”)]
3
Economic Perspectives on Data
• If data is the new oil, data protection is an economic issue.
• Data (and also personal information) is traded on markets.
• Regulation of data protection is a form of market regulation.
4
Data Protection and Privacy
• Data that allows conclusions about people is personal data, or personally identifiable information (PII).
• Privacy: “the claim of individuals […] to determine for themselves when, how and to what extent information about them is communicated to others” [3].
• Most jurisdictions have rules (laws, constitutional rights, etc.) on data protection and privacy.
[Figure labels: data protection; privacy]
5
The example of cloud computing
• Cloud computing: IT services virtualized by a network
• Allows an efficient management of IT resources and data.
• Facilitating use
• Preventing “oil spills”
6
Goals of ISO/IEC 27018: addressed issues
• B2B standard for protecting customers’ assets
• Easier compliance with law
• More transparency
• Easier outsourcing
• Compliance verification by audits
How to use it…
• Risk assessment
• Select measures from controls
• Get certificate
7
Challenge: Worldwide data – national regulation
How can worldwide usable cloud computing be effectively regulated?
Hypothesis: Regulation could be performed by standards. Because…
- …standards have legal effects,
- …standards can fill blank spaces and gaps of laws and
- …standards can diffuse across borders.
8
Regulative Options and Interrelations
Functional view on regulation: All regimes that constrain (or enable) action options are regulation
- Statutory law / hard law (legislation, court verdicts, EU regulations, …)
- Self-regulation
- Multi-stakeholder regulation
[Diagram: top-down approach (“New Approach”). Labels: EU Commission; mandates; Standardization Organization; issues; standard]
9
The Genesis of ISO/IEC 27018
• Industry seeks legal compliance of cloud services
• EU legal system on data protection is governed by 95/46/EC (data protection directive).
• All EU member states have to implement it.
• Article 17 contains a vague legal concept:
  • compliance problems!
  • liability risks!
• Assessment of the legal situation in the EU and its member states.
10
Potential Effects and the Regulative Landscape
• Possible international alignment of legal rules around the standard (which reflects a comparatively high level of protection)
[Diagram labels: Jurisdiction X; Jurisdiction Y; European Union; Standard; ??]
11
Conclusion & Future Research
• Comprehensive approach
• Influence of legal regulation / legal link
• Potential for harmonization
• Influence on legal regulation
• Case studies in social media: How is ISO/IEC 27018 applied? What are the actual effects?
12
References
• [1] “Kondratiev wave” in Wikipedia, https://en.wikipedia.org/wiki/Kondratiev_wave, 2015.
• [2] Šmihula, Daniel: “The waves of the technological innovations of the modern age and the present crisis as the end of the wave of the informational technological revolution.” Studia politica Slovaca (Bratislava) 2009 (1): 32–47.
• [3] Westin, Alan F., “Privacy and freedom,” Atheneum, New York, 1967.
13
Picture credits
• [2]
  – https://commons.wikimedia.org/wiki/File:Kondratieff_Wave.svg, by “Rursus”, CC BY-SA 3.0
  – https://pixabay.com/de/%C3%B6l-bohrer-rig-erd%C3%B6l-kraftstoff-29956/
  – https://commons.wikimedia.org/wiki/File:DARPA_Big_Data.jpg
• [4]
  – Own work based on © www.rainerkurzeder.com
• [5]
  – https://commons.wikimedia.org/wiki/File:Cloud_computing_icon.svg, by 百楽兎, CC BY-SA 3.0
  – https://pixabay.com/de/vorh%C3%A4ngeschloss-gold-sperre-147913/
• [8]
  – Own work
• [9]
  – Own work
• [10]
  – Own work