Evaluation of Legal Data Protection Requirements in Cloud Services in the Context of Contractual Relations with End-Users
##plugins.themes.bootstrap3.article.main##
Abstract
Purpose – to analyse the compliance with basic principles of data protection in selected consumer oriented cloud services contracts, and also to highlight the adequate level of data protection in the mentioned contracts, evaluating existing data protection directive 95/46/EC, also proposed General data protection regulation.
Design/methodology/approach – various survey methods have been used in the work integrated. Documental analysis method has been used in analysis of scientific literature, legal acts and other documents, where aspects of legal data protection requirements have been included. Legal documents analysis method together with logical-analytic method has been used in analysing Directive 95/46/EU, Proposal for a regulation of the European Parliament and of the Council and jurisprudence of the European Court of Human Rights. Comparative method has been applied for revealing difference between particular cloud services contracts and also comparing the compliance of cloud services contracts to requirements of basic European data protection principles, established in the international documents.
Findings – from the brief analysis of selected consumer oriented cloud service providers, it may be implied that more or less all the legal principles, established in the legal acts, are reflected in the privacy policies and/or service agreements. However, it shall be noted that there is a big difference in wording of the analysed documents. Regarding other principles, all examined cloud service providers do not have indemnification provisions regarding unlawful use of personal data.
Research limitations/implications – the concept of the contract was presented in a broad sense, including the privacy policies and/or terms and conditions of the service providers. In accordance with the content of the principles, the authors grouped data protection principles, applied in cloud services into fundamental and recommendatory.
Practical implications – the research results will be helpful for cloud service providers, dealing with personal data of data subjects (natural persons).
Originality/value – the mentioned research of cloud provider contracts examined 4 sets of standard terms and conditions of cloud service providers targeting individual consumers. The following personal data protection principles were evaluated: transparency, purpose specification and limitation, erasure of data, confidentiality, availability, integrity, indemnification.
Research type: research paper, viewpoint, case study.
Design/methodology/approach – various survey methods have been used in the work integrated. Documental analysis method has been used in analysis of scientific literature, legal acts and other documents, where aspects of legal data protection requirements have been included. Legal documents analysis method together with logical-analytic method has been used in analysing Directive 95/46/EU, Proposal for a regulation of the European Parliament and of the Council and jurisprudence of the European Court of Human Rights. Comparative method has been applied for revealing difference between particular cloud services contracts and also comparing the compliance of cloud services contracts to requirements of basic European data protection principles, established in the international documents.
Findings – from the brief analysis of selected consumer oriented cloud service providers, it may be implied that more or less all the legal principles, established in the legal acts, are reflected in the privacy policies and/or service agreements. However, it shall be noted that there is a big difference in wording of the analysed documents. Regarding other principles, all examined cloud service providers do not have indemnification provisions regarding unlawful use of personal data.
Research limitations/implications – the concept of the contract was presented in a broad sense, including the privacy policies and/or terms and conditions of the service providers. In accordance with the content of the principles, the authors grouped data protection principles, applied in cloud services into fundamental and recommendatory.
Practical implications – the research results will be helpful for cloud service providers, dealing with personal data of data subjects (natural persons).
Originality/value – the mentioned research of cloud provider contracts examined 4 sets of standard terms and conditions of cloud service providers targeting individual consumers. The following personal data protection principles were evaluated: transparency, purpose specification and limitation, erasure of data, confidentiality, availability, integrity, indemnification.
Research type: research paper, viewpoint, case study.
##plugins.themes.bootstrap3.article.details##
Section
Articles
- The Author grants to the Publisher the exclusive right and licence to publish this Article without remuneration until the expiry of the economic rights: to reproduce the article in print and digital form, including its publication; to disseminate the original version of the Article or its copies in Lithuania and foreign countries; to translate the Article; to publish the article, including making it publicly available via computer networks; to reproduce and publish the Article in Lithuanian and foreign databases; to licence usage of the Article in ways described in this paragraph.
- The Author warrants that the economic rights of the Author have not been assigned or granted to third parties, that the Article has not been published so far and is not under consideration of being published elsewhere.
- The Author warrants that the Article does not violate intellectual property rights of others.
- After the Article is published in Social Technologies the Author shall have a right to make it public on personal website or on a website of an institution of affiliation, to reproduce it for non-commercial teaching or scholarly research purposes, clearly indicating that the primary source of its publication is Social Technologies.
- This consent shall be considered invalid if the Editorial Board of the Social Technologies decides not to publish the Article.
Authors contributing to Social Technologies agree to publish their articles under a Creative Commons Attribution 3.0 Unported (CC BY 3.0) Licence, allowing third parties to share their work (copy, distribute, transmit) and to adapt it, under the condition that the authors are given credit, and that in the event of reuse or distribution, the terms of this licence are made clear.
