The cloud conundrum: who actually owns your data?

Eye
Are you keeping an eye on the storage of your information?

Think about your online activity over the last week. Chances are you sent a few emails via Gmail, moved some new family photos to an online storage service, perhaps creates some new posts for your blog, and updated your Pinterest, Facebook or Twitter accounts.

Add to this the fact that your online data could be stored in several different countries, and it becomes impossible to state that you own all the data you have created.

Dino Wilkinson, a partner with international legal practice Norton Rose Fulbright told TechRadar: "Under English law, there are no property rights in data as such – although this has not necessarily prevented individuals and businesses from treating data as property.

"Markets exist for buying or selling data and individuals regularly disclose their personal data in exchange for goods and services. However, the value in these cases is created through the right to sell or use the data in a certain way rather than a legal right of ownership.

Exercising your rights

"In the cloud context, the contract between service provider and customer must address this issue by defining the extent of the service provider's right to process and store data on behalf of the customer. The customer will often be under an obligation to impose restrictions on the service provider in relation to how they use the data due to legal and regulatory obligations imposed on the customer itself."

Dino continued: "For example, data protection laws give rights to individuals (or data subjects) in relation to the processing of their personal data; an organisation that collects such personal data may have legal obligations to process it in a certain way including limits on how it (and any third party contractors) use, disclose, hold and transfer that data.

"The collecting organisation (or data controller) will have to ensure that any cloud services provider it wants to use for the processing of that data will do so in a legally compliant way and in accordance with the data controller's policy. Typically, the issue is not one of data ownership but rather accountability to the data subjects."

When it comes to your data, looking closely at the terms and conditions of the online services you are using is of paramount importance. At present, the relevant parts of the terms and conditions of leading hosted service providers are as follows:

Amazon Web Services

'Your Applications, Data and Content. Other than the rights and interests expressly set forth in this Agreement, and excluding Amazon Properties and works derived from Amazon Properties you reserve all right, title and interest (including all intellectual property and proprietary rights) in and to Your Content.'

Google

'It is important that you can access your Google data when you want it, where you want it - whether is it to import it into another service or just create your own copy for your archives.'

Microsoft Office 365

'You own your data and retain all rights, title, and interest in the data you store with Office 365. You can download a copy of all of your data at any time and for any reason, without any assistance from Microsoft.'

Benefits of the hybrid model

And for businesses that are increasingly using cloud-based services to reduce costs and improve efficiency, creating a hybrid approach where the cloud and on-site servers are used can be effective. This offers a level of protection and more clarity of data ownership, as this information is not stored in the cloud. This approach is ideal if your business is in a regulated industry such as financial services, which have strict regulations about data storage.

One important aspect of data ownership is often called 'emergent data'. Many of the cloud service providers include in their terms and conditions the right to manipulate the data they are storing to create new data sets. Google is a good case here, as it often uses the data it is storing to generate its own metadata often for marketing purposes.

Latest in Pro
A person using a smartphone with a cybersecurity lock symbol appearing over it.
The growing threat of device code phishing and how to defend against It
Cybersecurity
Why OT security needs exposure management to break the cycle of endless patching
Employees sat around together discussing business issues.
AI deregulation: what smart leaders do when the rules go off the rails
Branch office chairs next to a TechRadar-branded badge that reads Big Savings.
This office chair deal wins the Amazon Spring Sale for me and it's so good I don't expect it to last
Saily eSIM by Nord Security
"Much more than just an eSIM service" - I spoke to the CEO of Saily about the future of travel and its impact on secure eSIM technology
NetSuite EVP Evan Goldberg at SuiteConnect London 2025
"It's our job to deliver constant innovation” - NetSuite head on why it wants to be the operating system for your whole business
Latest in News
DeepSeek
DeepSeek’s new AI is smarter, faster, cheaper, and a real rival to OpenAI's models
Open AI
OpenAI unveiled image generation for 4o – here's everything you need to know about the ChatGPT upgrade
Apple WWDC 2025 announced
Apple just announced WWDC 2025 starts on June 9, and we'll all be watching the opening event
Hornet swings their weapon in mid air
Hollow Knight: Silksong gets new Steam metadata changes, convincing everyone and their mother that the game is finally releasing this year
OpenAI logo
OpenAI just launched a free ChatGPT bible that will help you master the AI chatbot and Sora
An aerial view of an Instavolt Superhub for charging electric vehicles
Forget gas stations – EV charging Superhubs are using solar power to solve the most annoying thing about electric motoring