Paul M. Schwartz,
Information Privacy in the Cloud, 161
U. Pa. L. Rev.
Available at: http://scholarship.law.berkeley.edu/facpubs/1906
Cloud computing is the locating of computing resources on the Internet in a fashion that makes them highly dynamic and scalable. This kind of distributed computing environment can quickly expand to handle a greater system load or take on new tasks. Cloud computing thereby permits dramatic flexibility in processing decisions—on a global basis. The rise of the cloud has also significantly challenged established legal paradigms. This Article analyzes current shortcomings of information privacy law in the context of the cloud. It also develops normative proposals to allow the cloud to become a central part of the evolving Internet. These proposals rest on strong and effective protections for information privacy that are also sensitive to technological changes. This Article takes a comparative focus: it examines legal developments in the United States and the European Union. As the White House noted in its 2012 consumer privacy framework, the United States "is a world leader" in cloud computing.' While leading cloud companies are U.S.- based, the European Union sets strong requirements for flows of personal data, and these obligations have already had a major impact on U.S. companies. The European Union's significant role in international decisions around information privacy has been bolstered by the authority of EU member states to block data transfers from their country to third-party nations. Such nations include the United States, which the European Union generally considers to lack "adequate" privacy protections. Moreover, the European Commission's release in late January 2012 of its "General Data Protection Regulation" provides a perfect juncture to assess the issue of privacy in the cloud.