There is a high privacy threat to users of the myriad cloud services on the internet especially those that operate dynamically based on personal information such as a person’s location, their user preferences, linked calendars and social networks. As such, the cloud represents a legal quagmire especially given that a specific application that appears to be one entity to the user may utilize numerous different resources provided by several different service providers in different locations around the globe. The handling of one’s personal and commercially sensitive data in the cloud has thus been sensitized in the wake of copyright law, creative commons efforts and data protection legislation, which is handled very differently from nation to nation and under different jurisdictions.
Siani Pearson of the Security and Cloud Lab at HP Labs in Bristol, UK and Prodromos Tsiavos of the National Documentation Centre at the National Hellenic Research Foundation, in Athens, Greece, suggest that the disparities and opacity regarding rights, intellectual property and data protection are to some degree hindering more widespread adopt of cloud services by companies and individuals wary of putting their data on to remote servers over which they lack ultimate control.
However, the pair suggest that, “As cloud computing evolves towards an ecosystem of service provision, there is an increasing need for users to be more in control of the services they receive and regulatory instruments are changing from purely legal to hybrid techno-legal systems.” As such, they hope to address certain aspects of the issues surrounding data and privacy and hasten this evolution to a more stable set of regulations and codes of conduct. The aim would be to ensure that cloud service providers can continue to profit from the systems they provide while users can rest assured that they are protected and not susceptible to espionage or worse theft of their intellectual property and data based on inappropriate law in certain regions of the globe.
Their “Smart Notices” approach builds on the well-known and increasingly widely adopted Creative Commons systems that seek to supersede apparently outmoded copyright laws, as such it has to meet minimum requirements with regards to legal, technical and social issues. In addition, the Smart Notices must be constructed so that they are easy to read and understand by users as well as being machine readable. Fundamentally, Smart Notices will be customisable and searchable, provide a set of related policies that would be shown to end users by service providers, based on the choices they make when signing up for services or implementing specific modules within an overarching service and so replace the current standard fixed notice approach, including the outdated, one-size-fits-all End User License Agreement (EULA).
The Smart Notice will, the team asserts, “provide a simple and transparent way of expressing the terms of service and the options available to the data subject before they share personal information with cloud service providers.” It will thus control legally, technically and socially what can and cannot be done with the end user’s data and to what features of the cloud services the end user will have access and under what mutual obligations concerning privacy and related matters. Smart Notices could be implemented widely as dynamic consent forms on cloud platforms, in e-government and shared databases providing legal and intellectual protection for all parties.
“Taking the Creative Commons beyond copyright: developing Smart Notices as user centric consent management systems for the cloud” in Int. J. Cloud Computing, 2014, 3, 94-124