Hostname: page-component-7b9c58cd5d-dkgms Total loading time: 0 Render date: 2025-03-16T16:23:01.801Z Has data issue: false hasContentIssue false

Privacy and Legal Issues in Cloud Computing edited by Anne S.Y. CHEUNG and Rolf H. WEBER. Cheltenham, UK: Edward Elgar Publishing, 2015. xiv + 304 pp. Hardcover: £85.

Published online by Cambridge University Press:  10 June 2016

Sanduni WICKRAMASINGHE*
Affiliation:
Leiden University
Rights & Permissions [Opens in a new window]

Abstract

Type
Book Reviews
Copyright
© Asian Journal of International Law 2016 

This book addresses a comprehensive array of topics on cloud computing, including issues of data protection, security, copyright, and accountability. This edition brings together works from presenters of the Hong Kong University’s Cloud Computing Conference held in 2013. It consists of twelve chapters. The first, by J. Kong and others, provides a succinct overview of cloud deployment and service models with reference to security vulnerabilities and argues that data privacy and security is a responsibility attributable to both cloud service providers and users. Chapter Two by H. Chang discusses regulatory challenges such as outsourcing, trans-border data flows, subcontracting arrangements, and standard offerings that arise from cloud business models. Moving a step further, R.H. Weber explores ex-ante forms of sector-specific regulation and ex-post regulation through competition law. The methodology emphasizes the application of net-neutrality and can be said to share traits from the current EU regulatory framework of the telecommunications industry where competition law and sector-specific regulation plays a key role.

A. Cheung argues in Chapter Four that a nuanced definition of personal data is essential to balance the user’s preference to extend personal data protection rights to the cloud against encouraging industrial innovation based on such data. D.N. Staiger explores the ambiguities in the current EU Directive and proposed Regulation on trans-border data flows and argues that the safe-harbour agreement does not offer comprehensive protection, a position that has eventually been echoed in the Court of Justice of the European Union ruling in 2015 invalidating the said agreement although not referred to in the chapter.

In Chapter Six, J.P. Moiny specifically addresses the dearth of literature on jurisdictional conflicts that arise in regulating conflict between individuals or individuals and states under private and public international law. He examines the emergence of cloud zoning principle which refers to service providers self-limiting their services to a specific territory, and argues that user-intent is a determinant factor vis-à-vis resolving issues of cloud jurisdiction.

The remaining chapters focus on specific legal issues vis-à-vis cloud computing from a private-law standpoint. Chapter Seven by C. Reed addresses the general misconceptions surrounding the status of ownership, control, and accountability of data held in the cloud, and advocates for formal dialogue structures to address regulatory overlap in these three issues. On the rather timely topic of copyright liability for cloud service providers (CSPs), G. Tian discusses how ISP safe-harbour provisions within copyright laws in the US can extend to CSPs in the context of Australian copyright law.

P. Yu examines how cloud platforms can facilitate the distribution of copyrighted content by taking into account the interplay of licensing arrangements and jurisdictional issues in the face of uncurbed demand for content. On the other hand, T. Kaan discusses concerns relating to storage of health-care data in the cloud, which contributes to the current discussion on security of health-care data in the light of recent ransom-ware threats targeting such databases. He makes a sound argument that any immigration to the cloud must be cautiously done.

Chapter 11 by E. Dove and others refers to legal issues of security and privacy that arise in relation to data-intensive genomic science despite the alluring infrastructure of the cloud. The final chapter by A. Chui and G. Master revisits data ownership from a licensing standpoint, exploring whether users’ rights are surrendered when data is uploaded to the cloud and how IP licensing can be rolled out in the cloud.

Overall, the book provides a wide-ranging but selective array of topics that easily navigate even a first-time reader into the complex workings of cloud computing.