PRIVACY REGULATION IN CLOUD
*Gagandeep Sodhi, **Milan Sharma
UID:*22MCC20175, **22MCC20042
*MCA – Cloud Computing & DevOps, UIC, Chandigarh University
Research Mentor: *Dr.Disha Handa
Abstract
Today's world is dominated by cloud
computing, which has changed how
businesses run by giving them access to
adaptable and affordable computer
resources. The usage of cloud
computing, however, also prompts
questions about the security and privacy
of data held there. In this essay, we
discuss the numerous privacy laws that
apply to cloud computing and the
difficulties that enterprises encounter in
adhering to these laws. We also talk
about some of the new developments in
privacy law and how they affect cloud
computing.
Keywords
Cloud Computing, Cloud Service
Provider, Public Cloud, Privacy
Regulation
Introduction
With the help of the ground-breaking
technology known as cloud computing,
users can now access computer
resources through the internet without
the need for on-site hardware and
software. Increasingly more people are
using cloud computing because of its
adaptability, scalability, and affordability.
The usage of cloud computing, however,
also prompts questions about the
security and privacy of data held there.
The necessity of regulating the privacy of
data kept in the cloud has come to light
more recently.
Regulation of privacy in cloud
computing:
The many laws, rules, and standards that
control the gathering, use, and
disclosure of personally identifiable
information kept in the cloud are
referred to as privacy regulation in cloud
computing. Protecting the privacy of
people whose data is kept in the cloud is
the main focus of privacy regulation in
cloud computing. Cloud computing has a
number of privacy laws, including:
 General Data Protection
Regulation (GDPR): On May 25,
2018, a European Union (EU)
regulation known as the GDPR
went into effect. The GDPR
restricts the gathering, use, and
disclosure of personal data with
the intention of protecting the
privacy of EU people. No matter
where the organization is
 situated, it must comply with the
GDPR whenever it collects, uses,
or stores the personal data of EU
persons.
 Consumer Privacy Act of
California (CCPA): A California
state law called the CCPA went
into force on January 1st, 2020.
The CCPA limits the gathering,
use, and dissemination of
personal information about
California residents in order to
safeguard their privacy. No
matter where an organization is
located, it must comply with the
CCPA if it collects, uses, or stores
personal data of California
residents.
 Health Insurance Portability and
Accountability Act (HIPAA):
HIPAA is a US federal legislation
that controls how protected
health information (PHI) about
individuals is collected, used, and
disclosed. Health plans,
healthcare clearinghouses, and
healthcare providers who keep
PHI are all subject to HIPAA
regulations.
Compliance with Privacy Rules
Challenges:
Organizations may find it difficult
to comply with privacy laws while
using cloud computing for a
number of reasons:
 Complexity: To guarantee
compliance with the cloud
computing industry's complicated
privacy requirements, firms must
put in place particular
organizational and technical
safeguards.
 Problems with Jurisdiction: The
location of the company, the
location of the data's storage,
and the location of the data
subject all affect how privacy
laws in cloud computing apply.
 Limits of Cloud Service Providers
(CSPs): CSPs may have
restrictions on the kinds of data
they can store as well as
restrictions on where they can
store that data.
New Developments in Privacy
Law:
 Global privacy regulation, which
tries to unify privacy rules across
several jurisdictions, is a
movement that is becoming
more prevalent. The GDPR, which
is applicable to all businesses that
keep the personal data of EU
people regardless of where the
business is situated, reflects this
tendency.
 Privacy by Design is a design
strategy that aims to integrate
privacy concerns into the
creation of systems, goods, and
services. The GDPR, which
mandates that businesses
incorporate privacy by design
 principles, reflects this emerging
trend in privacy law.
 Data localization: The act of
storing data locally is referred to
as data localization.
Literature Review
A wide range of legal, technical, and
moral concerns with the gathering, use,
and disclosure of personal information
are covered by the topic of privacy
regulation. The number and scope of
privacy legislation have significantly
increased in recent years, largely as a
result of worries about data breaches,
identity theft, and other privacy crimes.
i. Daniel J. Solove (2006) wrote
"The Development of Privacy
Law: A Personal Perspective": The
history of privacy law in the
United States is briefly discussed
in this essay, which also makes
the case that the current
regulatory system is unable to
handle the problems brought on
by contemporary technology.
ii. Samuel D. Warren and Louis D.
Brandeis' "The Right to Privacy"
(1890): The legal foundation for
the right to privacy in the United
States was established by this
seminal piece of literature.
iii. By Daniel Fabbri et al. (2018):
"The GDPR and Its Potential
Impact on U.S. Healthcare
Organizations" The General Data
Protection Regulation (GDPR) and
healthcare organizations in the
United States are discussed in
this study, with an emphasis on
the difficulties of compliance and
the potential advantages for
patients.
iv. (2018) author Natasha Singer's
"The Cambridge Analytica
Scandal, in 3 Paragraphs" An
overview of the Cambridge
Analytica controversy, which
exposed the ways in which
personal information can be used
for
political gain, is given in this New
York Times article.
v. Jens Grossklags and Alessandro
Acquisti's "Privacy by Design: A
Counterfactual Analysis of Google
and Facebook Privacy Incidents"
(2011): This essay examines the
idea of "privacy by design," which
emphasizes the value of
incorporating privacy safeguards
into technology at the outset as
opposed to depending on
corrective measures after the
fact.
vi. Avi Goldfarb and Catherine
Tucker's "Privacy Regulation and
Online Advertising" (2011): This
study looks at how privacy
regulations affect internet
advertising. It makes the case
that, despite privacy concerns
 having the potential to reduce
the efficiency of targeted
advertising, customers can still
benefit from improved openness
and control over their personal
data.
vii. By Eleonora L. Sanzaro and
Pierluigi Stefanini (2018), "Data
Protection and Privacy: The
European Regulation, the Italian
Implementation, and the Impact
on the Healthcare Sector": This
study investigates the effects of
the GDPR on the Italian
healthcare industry, emphasizing
both the difficulties in putting the
rule into practice and the
possible advantages for patients.
of artificial intelligence,
emphasizing the need for a
thoughtful strategy that respects
individual privacy without limiting
innovation.
Overall, these papers and articles
offer a variety of viewpoints on
privacy legislation, illustrating
both the advantages and
difficulties of legal frameworks
for safeguarding private data in
the digital world.

viii. By Jason Shao and Edward

Santow, "The Impact of Data
Protection Regulation on Artificial
Intelligence" (2019): This study
examines how data protection
laws affect the creation and use

Here is a Table of 11 Quick Literature Surveys

Title of Paper and Methodology Input Parameters Findings of the

Authors Used Study
V. Privacy after Legal analysis of the GLBA, FTC guidelines The author
GLBA [1] Gramm-Leach- provides an analysis
Bliley Act and FTC of how the Gramm-
guidelines Leach-Bliley Act and
the FTC Fair
Information
Practice Principles
impact online
transactions and
 suggests ways to
reconcile the two
regulations.
Above the Clouds Literature review Cloud computing The authors
[2] and case study provide an
analysis overview of cloud
computing and its
benefits and
challenges, as well
as a case study of
the Google cluster
architecture. They
also discuss the
research challenges
and opportunities
in the field.
A Gift of Fire [3] Literature review Ethics, law The author
and ethical analysis discusses various
ethical, legal, and
social issues related
to computing and
the internet, such
as privacy,
intellectual
property, and
freedom of speech.
She provides
examples of real-
world scenarios to
illustrate the
complexity of these
issues and
encourages readers
to think critically
about them.
Internet Privacy Comparative legal Privacy laws The authors
Law [4] analysis compare the
privacy laws and
regulations in the
United States and
the European Union
and highlight the
key similarities and
differences. They
 discuss the
implications of
these differences
for businesses and
individuals who
operate in both
regions.
Binding Corporate Case study analysis Binding corporate The authors analyze
Rules for Cross- and legal review rules the binding
Border Data corporate rules
Transfer [5] (BCRs) that
companies can use
to transfer personal
data across
borders. They
provide a case
study of a
multinational
company that
implements BCRs
and discuss the
benefits and
challenges of this
approach.
The EU Data Legal analysis and EU Data Protection The author
Protection Directive historical review provides a historical
[6] overview of the
development of the
EU Data Protection
Directive and its
impact on privacy
laws and
regulations in
Europe and
beyond. He
discusses the
challenges of
implementing the
directive and the
potential benefits
of a global privacy
regime.
Conclusion preserving the security and privacy of
individual data by cooperating.
In the last several years, the issue of
privacy laws in relation to cloud References
computing has drawn a lot of attention.
[1]D. Annecharico, "Notes & Comments:
Cloud computing has several advantages,
V. Privacy after GLBA: Online
including scalability and cost-
Transactions: Squaring the Gramm-
effectiveness, but it also poses a variety
Leach-Bliley Act Privacy Provisions With
of privacy issues, such as the possibility
the FTC Fair Information Practice
of data breaches, unauthorized access to
Principles." 637–695 in North Carolina
personal information, and a lack of
Banking Institute 6, 2002.
transparency and control over data.
[2]In addition to M. Armbrust, other
The challenges of compliance and
authors include A. Fox, R. Griffith, A.
enforcement, as well as the technical
Joseph, R. Katz, A. Konwinski, G. Lee, D.
and organizational steps that can be
Patterson, A. Rabkin, I. Stoica, and
taken to protect personal information in
others. The title of the article is "Above
the cloud, have all been the subject of
the clouds: A Berkeley view of cloud
research on privacy regulation in cloud
computing." University of California,
computing. Overall, the body of research
Berkeley, EECS Department, Technical
indicates that while privacy law is a
Report UCB/EECS-2009-28, 2009.
crucial tool for safeguarding individual
data in the cloud, it is not a magic fix. [3]In A Gift of Fire: Social, Legal, and
The specific problems that cloud Ethical Issues for Computing and the
computing presents must be addressed Internet, S. Baase discuss these issues.
through regulatory frameworks, 2007; Prentice Hall.
including concerns about data
[4]Internet Privacy Law: A Comparison
ownership, access, and management. To
between the United States and the
guarantee that personal information is
European Union, D. Baumer, J. Earp, and
safeguarded throughout its lifespan in
J. Poindexter. 400–412 in Computers &
the cloud, organizational and technical
Security 23, 5 (2004).
precautions must also be adopted.
[5]D. Bender and L. Ponemon, "Binding
Going forward, it will be crucial for
Corporate Rules for Cross-Border Data
academics and politicians to keep
Transfer." (2006) Rutgers Journal of Law
investigating fresh ideas for cloud
and Public Policy
privacy legislation, keeping in mind how
cloud computing is developing and how [6]M. Birnhack, "The EU Data Protection
the legal environment is shifting. Directive: An Engine of a Global
Stakeholders can guarantee that cloud Regime." Journal of Computer Law and
computing continues to provide its Security 24, no. 6 (2008).
numerous advantages while also