Legalities Over the Cloud and Who Owns your Data

When trying to figure out who has rights to your data there are three things to consider: you, the cloud provider, and the region your data is held in. A lot of the issues become issues because of the varying laws; where your data is held might be in different country than the country you uploaded from. So, even after you figure out what your agreement is with a Cloud provider they can be subject to the particular laws of another country; fore instance America has a set of laws known as the Patriot Act which grants the US government access under certain conditions. So even after you figure out who owns the data, and what that means, you might not have control over who is accessing the data.

When you decide on a Cloud provider there are a number of things that you want to look at. One of them being the terms of service that will, most likely, define how a provider views your data, and what they can do with it. The terms of service will be restricted by your regions governing principles. Fore-instance in England they have the ‘Copyright and Rights in Databases Regulations 1997’ to help clear up some of the vagaries of this new technological development. The law defines two types of data one that is protected by copyright law, and ones that aren’t but are still regulated in their way. The existence of the law is a step in the right direction towards clarifying ownership of the information that is being stored in the Cloud.

Although to confuse this issue even further is the fact that some of your information may be stored in your own database but you are using a Cloud service to handle it from time to time. Or your Cloud provider is servicing out to another Cloud provider; so they may host your information in a storage unit that isn’t their own. Each of these situations has unique problems and each part of this chain of concerns depends on user agreements and the particular governing bodies. So there is no single solution to answer the question of who owns your data, and as this issue becomes generally understood hopefully we will see some best practices winning out. Although I wouldn’t necessarily say there is no way to find out. There are some things that can be done to better understand what is happening. Unfortunately one of those things is reading over all your relevant user agreements, and as one source claims it would take roughly 250 working hours to read all the user/privacy agreements most of us come across in one year. So you have to balance your need to know with your time, but be warned the details are important.

Understanding governing rules of where your data is being held or processed is not insignificant either. Each region is going to have its own governing rules about what happens when data is processed and the processing of the data may influence who owns the data now that it has been changed. So each step and movement of your data becomes an important issue to consider when deciding on a Cloud provider.

Who owns your data, then? It depends on the governing laws and user agreement made between you and the Cloud provider. It also depends upon the governing laws of where your data is being held, in addition to the agreements that your cloud provider may be making with their cloud provider. The Cloud has so much under the umbrella of Cloud services, that often one type of Cloud provider will outsource to another type of Cloud provider.