Privacy in the Clouds, Revisited: An Analysis of the Privacy Policies of 40 Cloud Computing Services

77 Pages Posted: 9 Apr 2021 Last revised: 7 May 2021

See all articles by Felicity Turton

Felicity Turton

Queen Mary University of London, School of Law - Centre for Commercial Law Studies

Dimitra Kamarinou

Queen Mary University of London, School of Law - Centre for Commercial Law Studies

Johan David Michels

Queen Mary University of London, School of Law - Centre for Commercial Law Studies

Christopher Millard

Queen Mary University of London, School of Law - Centre for Commercial Law Studies

Date Written: April 9, 2021

Abstract

In this paper, we analyse the results of a detailed survey of the privacy policies, and data protection terms more broadly, of 40 major cloud computing services, including Amazon Web Services, Google Cloud, and Microsoft Azure. We review terms relating to controller and processor designations; purposes and legal bases for data processing; individuals’ rights of access, rectification, and erasure of personal data; the right to data portability; security and data breach notification; monitoring; transfers of personal data outside of the EEA; and appointment of a Data Protection Officer. Where relevant, we compare the results to those of previous surveys conducted in 2010, 2013, and 2015 to show how cloud privacy policies have developed over time, including changes that appear to have been made in response to the General Data Protection Regulation.

For a related survey of the standard contracts of 40 cloud services, see “Contracts for Clouds, Revisited: An Analysis of the Standard Contracts for 40 Cloud Computing Services” on SSRN: https://papers.ssrn.com/sol3/papers.cfm?abstract_id=3624712

Keywords: Cloud computing, Data Protection, Privacy, Information Technology, Contracts, Privacy Policy, Terms of Service, Terms and Conditions, Data Subject, Rights, European Union, Localisation, GDPR

JEL Classification: K1, K12, K2, M15, L81, L86, K24, O33

Suggested Citation

Turton, Felicity and Kamarinou, Dimitra and Michels, Johan David and Millard, Christopher, Privacy in the Clouds, Revisited: An Analysis of the Privacy Policies of 40 Cloud Computing Services (April 9, 2021). Queen Mary Law Research Paper No. 354/2021, Available at SSRN: https://ssrn.com/abstract=3823424

Felicity Turton (Contact Author)

Queen Mary University of London, School of Law - Centre for Commercial Law Studies ( email )

67-69 Lincoln's Inn Fields
London, WC2A 3JB
United Kingdom

Dimitra Kamarinou

Queen Mary University of London, School of Law - Centre for Commercial Law Studies ( email )

67-69 Lincoln’s Inn Fields
London, WC2A 3JB
United Kingdom

HOME PAGE: http://www.law.qmul.ac.uk/staff/kamarinou.html

Johan David Michels

Queen Mary University of London, School of Law - Centre for Commercial Law Studies ( email )

67-69 Lincoln's Inn Fields
London, WC2A 3JB
United Kingdom

Christopher Millard

Queen Mary University of London, School of Law - Centre for Commercial Law Studies ( email )

67-69 Lincoln's Inn Fields
London, EC2A 3JB
United Kingdom

HOME PAGE: http://www.law.qmul.ac.uk/staff/millard.html

Do you have a job opening that you would like to promote on SSRN?

Paper statistics

Downloads
287
Abstract Views
659
rank
130,063
PlumX Metrics