The cloud conundrum: who actually owns your data?
The rights to data are complex
Espion's R&D Scientist, Dr Keyun Ruan, who coined the term Cloud Forensics says: "Meta-data is still an ambiguous space and different provider infrastructure generates and tracks different meta-data.
"Providers are often not transparent to customers, especially where they use services from other cloud providers or brokers thus causing a chain of dependencies for meta-data ownership. Meta-data can be solely owned or co-owned by the provider. Make sure to ask for a list from your provider, and understand the reasons for generating meta-data, who has access to it, and the ownership of each, as well as regulatory obligations for e-discovery, search, seizure or investigation requirements if any."
Protect and serve
Whether you are a business or are using cloud-based data hosting for personal use, there are some key steps you can take to ensure you retain the ownership of your data:
1. Read all the terms and conditions of each of the services you are using.
2. Identify where your data will be stored and how these countries manage their data regulations in comparison to your home country.
3. All data that is moved to and from the cloud is encrypted. However, hosting services may not be compelled by law to hand over the encryption keys to your data should you need them.
4. Back up your data to portable media and store this off site if you can. This will give you an alternative source for your data if your cloud hosting service goes out of business.
Are you a pro? Subscribe to our newsletter
Sign up to the TechRadar Pro newsletter to get all the top news, opinion, features and guidance your business needs to succeed!
5. Enterprises that want to use cloud-based data storage services should take legal advice before choosing a service to partner with. This will ensure that the legal framework around the stored data is clear. A good example is data stored in the US that would be affected by the USA Patriot Act.
6. Check that your cloud service providers are compliant with standards such as SSAE16 and SOC2 certifications, among others. Ensure providers are subject to regular external audits and comply with best-available international standards for security, availability, integrity, privacy and confidentiality.
Digital ownership
The laws of intellectual property generally govern who owns the data you created personally and within a business process. In the UK these are the Copyright, Designs and Patents Act 1988 and the Copyright and Rights in Databases Regulations 1997.
These give ownership rights to the creator of any data. However, as the storage of that data could mean it being changed in some way by the cloud service provider, who then owns the new datasets? This is a potentially problematic issue.
Added to these potential issues is the question of where your data is stored, and therefore, which laws impact on its ownership and manipulation.
Andrew Joint, a Commercial Technology Partner at Kemp Little explained: "Within Europe the EU, has recognised that this is an issue on where there needs to be some clarity. The EU's Digital Agenda has specific goals for cloud computing which look to make sure it is an easy to access marketplace for SMEs."
Norton Rose Fulbright's Wilkinson concluded: "The EU is currently debating a new General Data Protection Regulation that will mark the first significant changes to European law in this area since 1995. It has been under discussion since 2012 and is anticipated to be ratified next year before coming into force around 2016.
"Draft versions of the new law suggest that it could have a significant impact on users and providers of cloud services in terms of stricter controls on the processing of personal data, harsher data security requirements and penalties.
"Also, user privacy includes the 'right to be forgotten', the concept of privacy by design by default, which will require that data protection issues are considered in the development of business processes for products and services. This will place greater burden on businesses to ensure that proposed cloud projects are fully compliant with the law."
Data ownership then has a number of facets that all need to be considered. Whether you are simply storing some family photos, or more sensitive information if your business uses cloud storage, it is vital to ensure you understand where ownership of your data lies.