PRIVACY REGULATION IN CLOUD

*Gagandeep Sodhi, **Milan Sharma

UID:*22MCC20175, **22MCC20042
*MCA – Cloud Computing & DevOps, UIC, Chandigarh University
Research Mentor: *Dr.Disha Handa Mahendru
using cloud computing because of its
adaptability, scalability, and affordability.
Abstract The usage of cloud computing, however,
Today's world is dominated by cloud also prompts questions about the
computing, which has changed how security and privacy of data held there.
businesses run by giving them access to The necessity of regulating the privacy of
adaptable and affordable computer data kept in the cloud has come to light
resources. The usage of cloud more recently.
computing, however, also prompts Regulation of privacy in cloud
questions about the security and privacy computing:
of data held there. In this essay, we
discuss the numerous privacy laws that The many laws, rules, and standards that
apply to cloud computing and the control the gathering, use, and
difficulties that enterprises encounter in disclosure of personally identifiable
adhering to these laws. We also talk information kept in the cloud are
about some of the new developments in referred to as privacy regulation in cloud
privacy law and how they affect cloud computing. Protecting the privacy of
computing. people whose data is kept in the cloud is
the main focus of privacy regulation in
Keywords cloud computing. Cloud computing has a
Cloud Computing, Cloud Service number of privacy laws, including:
Provider, Public Cloud, Privacy  General Data Protection Regulation
Regulation (GDPR): On May 25, 2018, a European
Union (EU) regulation known as the
Introduction
GDPR went into effect. The GDPR
With the help of the ground-breaking restricts the gathering, use, and
technology known as cloud computing, disclosure of personal data with the
users can now access computer intention of protecting the privacy of EU
resources through the internet without people. No matter where the
the need for on-site hardware and organization is situated, it must comply
software. Increasingly more people are with the GDPR whenever it collects, uses,
 or stores the personal data of EU data's storage, and the location of the
persons. data subject all affect how privacy laws
in cloud computing apply.
 Limits of Cloud Service Providers (CSPs):
 Consumer Privacy Act of California CSPs may have restrictions on the kinds
(CCPA): A California state law called the of data they can store as well as
CCPA went into force on January 1st, restrictions on where they can store that
2020. The CCPA limits the gathering, use, data.
and dissemination of personal
information about California residents in
order to safeguard their privacy. No New Developments in Privacy Law:
matter where an organization is located,  Global privacy regulation, which tries to
it must comply with the CCPA if it unify privacy rules across several
collects, uses, or stores personal data of jurisdictions, is a movement that is
California residents. becoming more prevalent. The GDPR,
which is applicable to all businesses that
 Health Insurance Portability and keep the personal data of EU people
Accountability Act (HIPAA): HIPAA is a US regardless of where the business is
federal legislation that controls how situated, reflects this tendency.
protected health information (PHI) about  Privacy by Design is a design strategy
individuals is collected, used, and that aims to integrate privacy concerns
disclosed. Health plans, healthcare into the creation of systems, goods, and
clearinghouses, and healthcare providers services. The GDPR, which mandates that
who keep PHI are all subject to HIPAA businesses incorporate privacy by design
regulations. principles, reflects this emerging trend in
privacy law.
Compliance Privacy Rules Challenges:  Data localization: The act of storing data
locally is referred to as data localization.
Organizations may find it difficult to
comply with privacy laws while using
cloud computing for a number of
Literature Review
reasons:
A wide range of legal, technical, and
moral concerns with the gathering, use,
 Complexity: To guarantee compliance
and disclosure of personal information
with the cloud computing industry's
are covered by the topic of privacy
complicated privacy requirements, firms
regulation. The number and scope of
must put in place particular
privacy legislation have significantly
organizational and technical safeguards.
increased in recent years, largely as a
 Problems with Jurisdiction: The location
result of worries about data breaches,
of the company, the location of the
identity theft, and other privacy crimes.
 i. Daniel J. Solove (2006) wrote "The technology at the outset as opposed to
Development of Privacy Law: A Personal depending on corrective measures after
Perspective": The history of privacy law the fact.
in the United States is briefly discussed in
this essay, which also makes the case vi. Avi Goldfarb and Catherine Tucker's
that the current regulatory system is "Privacy Regulation and Online
unable to handle the problems brought Advertising" (2011): This study looks at
on by contemporary technology. how privacy regulations affect internet
advertising. It makes the case that,
ii. Samuel D. Warren and Louis D. Brandeis' despite privacy concerns having the
"The Right to Privacy" (1890): The legal potential to reduce the efficiency of
foundation for the right to privacy in the targeted advertising, customers can still
United States was established by this benefit from improved openness and
seminal piece of literature. control over their personal data.

iii. By Daniel Fabbri et al. (2018): "The GDPR vii. By Eleonora L. Sanzaro and Pierluigi
and Its Potential Impact on U.S. Stefanini (2018), "Data Protection and
Healthcare Organizations" The General Privacy: The European Regulation, the
Data Protection Regulation (GDPR) and Italian Implementation, and the Impact
healthcare organizations in the United on the Healthcare Sector": This study
States are discussed in this study, with investigates the effects of the GDPR on
an emphasis on the difficulties of the Italian healthcare industry,
compliance and the potential advantages emphasizing both the difficulties in
for patients. putting the rule into practice and the
possible advantages for patients.
iv. (2018) author Natasha Singer's "The
Cambridge Analytica Scandal, in 3 viii. By Jason Shao and Edward Santow, "The
Paragraphs" An overview of the Impact of Data Protection Regulation on
Cambridge Analytica controversy, which Artificial Intelligence" (2019): This study
exposed the ways in which personal examines how data protection laws
information can be used for Political affect the creation and use of artificial
gain, is given in this New York Times intelligence, emphasizing the need for a
article. thoughtful strategy that respects
individual privacy without limiting
v. Jens Grossklags and Alessandro innovation. Overall, these papers and
Acquisti's "Privacy by Design: A articles offer a variety of viewpoints on
Counterfactual Analysis of Google and privacy legislation, illustrating both the
Facebook Privacy Incidents" (2011): This advantages and difficulties of legal
essay examines the idea of "privacy by frameworks for safeguarding private
design," which emphasizes the value of data in the digital world.
incorporating privacy safeguards into
 Here is a Table of 11 Quick Literature Surveys

Title of Paper and Methodology Input Parameters Findings of the

Authors Used Study
V. Privacy after Legal analysis of the GLBA, FTC guidelines The author
GLBA [1] Gramm-Leach- provides an analysis
Bliley Act and FTC of how the Gramm-
guidelines Leach-Bliley Act and
the FTC Fair
Information
Practice Principles
impact online
transactions and
suggests ways to
reconcile the two
regulations.
Above the Clouds Literature review Cloud computing The authors
[2] and case study provide an
analysis overview of cloud
computing and its
benefits and
challenges, as well
as a case study of
the Google cluster
architecture. They
also discuss the
research challenges
and opportunities
in the field.
A Gift of Fire [3] Literature review Ethics, law The author
and ethical analysis discusses various
ethical, legal, and
social issues related
to computing and
the internet, such
as privacy,
intellectual
property, and
freedom of speech.
She provides
examples of real-
world scenarios to
 illustrate the
complexity of these
issues and
encourages readers
to think critically
about them.
Internet Privacy Comparative legal Privacy laws The authors
Law [4] analysis compare the
privacy laws and
regulations in the
United States and
the European Union
and highlight the
key similarities and
differences. They
discuss the
implications of
these differences
for businesses and
individuals who
operate in both
regions.
Binding Corporate Case study analysis Binding corporate The authors analyze
Rules for Cross- and legal review rules the binding
Border Data corporate rules
Transfer [5] (BCRs) that
companies can use
to transfer personal
data across
borders. They
provide a case
study of a
multinational
company that
implements BCRs
and discuss the
benefits and
challenges of this
approach.
The EU Data Legal analysis and EU Data Protection The author
Protection Directive historical review provides a historical
[6] overview of the
development of the
EU Data Protection
 Directive and its
impact on privacy
laws and
regulations in
Europe and
beyond. He
discusses the
challenges of
implementing the
directive and the
potential benefits
of a global privacy
regime.

Conclusion guarantee that personal information is

safeguarded throughout its lifespan in
In the last several years, the issue of the cloud, organizational and technical
privacy laws in relation to cloud precautions must also be adopted.
computing has drawn a lot of attention.
Cloud computing has several advantages, Going forward, it will be crucial for
including scalability and cost- academics and politicians to keep
effectiveness, but it also poses a variety investigating fresh ideas for cloud
of privacy issues, such as the possibility privacy legislation, keeping in mind how
of data breaches, unauthorized access to cloud computing is developing and how
personal information, and a lack of the legal environment is shifting.
transparency and control over data. Stakeholders can guarantee that cloud
computing continues to provide its
The challenges of compliance and numerous advantages while also
enforcement, as well as the technical preserving the security and privacy of
and organizational steps that can be individual data by cooperating.
taken to protect personal information in
the cloud, have all been the subject of References
research on privacy regulation in cloud
[1]D. Annecharico, "Notes & Comments:
computing. Overall, the body of research
V. Privacy after GLBA: Online
indicates that while privacy law is a
Transactions: Squaring the Gramm-
crucial tool for safeguarding individual
Leach-Bliley Act Privacy Provisions With
data in the cloud, it is not a magic fix.
the FTC Fair Information Practice
The specific problems that cloud
Principles." 637–695 in North Carolina
computing presents must be addressed
Banking Institute 6, 2002.
through regulatory frameworks,
including concerns about data [2]In addition to M. Armbrust, other
ownership, access, and management. To authors include A. Fox, R. Griffith, A.
Joseph, R. Katz, A. Konwinski, G. Lee, D. Distributed Systems, vol. 24, no. 6, pp.
Patterson, A. Rabkin, I. Stoica, and 1172-1182, 2013.
others. The title of the article is "Above
[9]Velte, T. A, Velte, T. J., Elsenpeter, R.
the clouds: A Berkeley view of cloud
Cloud Computing: A Practical Approach.
computing." University of California,
Berkeley, EECS Department, Technical [10]D. Bender and L. Ponemon, "Binding
Report UCB/EECS-2009-28, 2009. Corporate Rules for Cross-Border Data
Transfer." (2006) Rutgers Journal of Law
[3]In A Gift of Fire: Social, Legal, and
and Public Policy
Ethical Issues for Computing and the
Internet, S. Baase discuss these issues. [11]M. Birnhack, "The EU Data
2007; Prentice Hall. Protection Directive: An Engine of a
Global Regime." Journal of Computer
[4]Internet Privacy Law: A Comparison
Law and Security 24, no. 6 (2008).
between the United States and the
European Union, D. Baumer, J. Earp, and
J. Poindexter. 400–412 in Computers &
Security 23, 5 (2004).
[5] R. Bala Chandar, M. S. Kavitha , K.
Seenivasan,” A proficient model for high
end security in cloud computing”,
International Journal of Emerging
Research in Management &Technology,
Vol.5, Issue 10.
[6]AmanKumar,Dr.SudeshJakhar,Mr
Sunil Makka, “Comparative Analysis
between DES and RSAAlgorithm’s”,
International Journal of Advanced
Research in Computer Science and
SoftwareEngineering , Vol.2 Issue.7,
July2012.
[7]P. Mell, and T. Grance, “The NIST
definition of cloud computing (draft),”
NIST special publication, vol. 800, no.
145, pp. 7, 2011.
[8]K. Ren and W. Lou, "Enabling
secureandefficient ranked keyword
searchoveroutsourced cloud data,"
IEEETransactionson Parallel and