Jump to ContentJump to Main Navigation
Regulating the CloudPolicy for Computing Infrastructure$
Users without a subscription are not able to see the full content.

Christopher S. Yoo and Jean-Francois Blanchette

Print publication date: 2015

Print ISBN-13: 9780262029407

Published to MIT Press Scholarship Online: May 2016

DOI: 10.7551/mitpress/9780262029407.001.0001

Show Summary Details
Page of

PRINTED FROM MIT PRESS SCHOLARSHIP ONLINE (www.mitpress.universitypressscholarship.com). (c) Copyright The MIT Press, 2022. All Rights Reserved. An individual user may print out a PDF of a single chapter of a monograph in MITSO for personal use.date: 30 June 2022

Cloud Privacy Law in the United States and the European Union

Cloud Privacy Law in the United States and the European Union

(p.135) 5 Cloud Privacy Law in the United States and the European Union
Regulating the Cloud

Andrea Renda

The MIT Press

This paper reviews the legal framework for data protection in the US and the EU and the attempts made in both jurisdictions to adapt the framework to the challenges posed by cloud computing and the evolving IT ecosystem. The two legal systems have developed widely diverging approaches to the protection of privacy. On the one hand, the US relies on a patchwork of laws (including the Electronic Communications Privacy Act, the PATRIOT Act and the FISAA and many sectoral laws) and the enforcement activity of the Federal Trade Commission under Section 5 of the FTC Act. In the EU, privacy is considered as a fundamental right, and is protected through comprehensive, cross-sectoral legislation (the Data Protection Directive, currently being updated and transformed into a Regulation). The emergence of cloud computing poses challenges for both legal systems: what seems likely is that the US will keep under-protecting privacy in the name of efficient commercial transactions (with great responsibility placed on the FTC to monitor abuses of bargaining power and other deceptive/abusive practices); whereas in the EU cloud services might end up trapped into an over-formalistic legal framework, which leaves little room for trade-offs between privacy and welfare-enhancing customized service for data subjects. The paper discusses also the future of transatlantic data transfer, with the EU-US Safe Harbour and the Binding Corporate Rules currently being re-discussed in the aftermath of the “Datagate” scandal.

Keywords:   Data protection, Privacy, Fourth Amendment, ECPA, EU Data Protection Directive, EU-US Safe Harbour, Binding Corporate Rules, Datagate

MIT Press Scholarship Online requires a subscription or purchase to access the full text of books within the service. Public users can however freely search the site and view the abstracts and keywords for each book and chapter.

Please, subscribe or login to access full text content.

If you think you should have access to this title, please contact your librarian.

To troubleshoot, please check our FAQs, and if you can't find the answer there, please contact us.