Regulation and Standardization of Data Protection in Cloud Computing

Martin G. Löhe and Knut Blind
Technische Universität Berlin, Faculty of Economics and Management, Chair of Innovation Economics

ITU Kaleidoscope 2015 - Trust in the Information Society
Barcelona, Spain, 9-11 December 2015


The Importance of Data


Fig. 1: Kondratiev waves or supercycles in the economy [1; cp. 2].

oil data (“new oil”)


Economic Perspectives on Data

• If data is the new oil, data protection is an economic issue.

• Data (and also personal information) is traded on markets.

• Regulation of data protection is a form of market regulation.


Data Protection and Privacy


• Data that allows conclusions about people is personal data, or personally identifiable information (PII).

• Privacy: “the claim of individuals […] to determine for themselves when, how and to what extent information about them is communicated to others” [3].

• Most jurisdictions have rules (laws, constitutional rights, etc.) on data protection and privacy.

data protection privacy


The example of cloud computing

• Cloud computing: IT services virtualized by a network

• Allows efficient management of IT resources and data.


• Facilitating use

• Preventing “oil spills”


Goals of ISO/IEC 27018: addressed issues

• B2B standard for protecting customers’ assets

• Easier compliance with law

• More transparency

• Easier outsourcing

• Compliance verification by audits.


How to use it…

• Risk assessment

• Select measures from controls

• Get certificate


Challenge: Worldwide data – national regulation

How can worldwide usable cloud computing be effectively regulated?

Hypothesis: Regulation could be performed by standards. Because…

- …standards have legal effects,
- …standards can fill blank spaces and gaps of laws and
- …standards can diffuse across borders.


Regulative Options and Interrelations

Functional view on regulation: All regimes that constrain (or enable) action options are regulation


- Statutory law / hard law (legislation, court verdicts, EU regulations, …)
- Self-regulation
- Multi-stakeholder regulation

[Diagram, top-down approach („New Approach“): EU Commission → mandates → Standardization Organization → issues → standard]


The Genesis of ISO/IEC 27018

• Industry seeks legal compliance of cloud services

• EU legal system on data protection is governed by 95/46/EC (data protection directive).

• All EU member states have to implement it.

• Article 17 contains a vague legal concept:
    • compliance problems!
    • liability risks!

• Assessment of the legal situation in the EU and its member states.


Potential Effects and the Regulative Landscape

• Possible international alignment of legal rules around the standard (which reflects a comparatively high level of protection)


[Diagram labels: Jurisdiction X, Jurisdiction Y, European Union, Standard, “??”]


Conclusion & Future Research

• Comprehensive approach

• Influence of legal regulation / legal link

• Potential for harmonization.

• Influence on legal regulation.


• Case studies in social media: How is ISO/IEC 27018 applied? What are the actual effects?


References

• [1] “Kondratiev wave” in Wikipedia, https://en.wikipedia.org/wiki/Kondratiev_wave, 2015.

• [2] Šmihula, Daniel: “The waves of the technological innovations of the modern age and the present crisis as the end of the wave of the informational technological revolution.” Studia politica Slovaca (Bratislava) 2009 (1): 32–47.

• [3] Westin, Alan F., “Privacy and freedom,” Atheneum, New York, 1967.


Picture credits

• [2]
    – https://commons.wikimedia.org/wiki/File:Kondratieff_Wave.svg, by “Rursus”, CC BY-SA 3.0
    – https://pixabay.com/de/%C3%B6l-bohrer-rig-erd%C3%B6l-kraftstoff-29956/
    – https://commons.wikimedia.org/wiki/File:DARPA_Big_Data.jpg

• [4]
    – Own work based on © www.rainerkurzeder.com

• [5]
    – https://commons.wikimedia.org/wiki/File:Cloud_computing_icon.svg, by 百楽兎, CC BY-SA 3.0
    – https://pixabay.com/de/vorh%C3%A4ngeschloss-gold-sperre-147913/

• [8]
    – Own work

• [9]
    – Own work

• [10]
    – Own work
