Monitoring Personal Data Transfers in the Cloud

Author

De Oliveira, Anderson Santana ; Sendor, Jakub ; Garaga, Alexander ; Jenatton, Kateline

Author_Institution

SAP Labs., France

Volume

1

fYear

2013

fDate

2-5 Dec. 2013

Firstpage

347

Lastpage

354

Abstract

Cloud computing brings a number of compliance risks to organisations because physical perimeters are not clearly delimited. Many regulations relate to the location of the data processing (and storage), including the EU Data protection directive. A major problem for cloud service consumers, acting as data controllers, is how to demonstrate compliance to data transfer constraints. We address the lack of tools to support accountable data localization and transfer across cloud software, platform and infrastructure services, usually run by data processors. In this paper we design a framework for automating the collection of evidence that obligations with respect to personal data handling are being carried out in what concerns personal data transfers. We experiment our approach in the Open Stack open source IaaS implementation, showing how auditors can verify whether data transfers were compliant.

Keywords

cloud computing; data communication; data protection; public domain software; EU data protection directive; OpenStack open source IaaS implementation; cloud computing; cloud infrastructure services; cloud platform; cloud service consumers; cloud software; data controllers; data localization; data processing; data processors; data storage; personal data handling; personal data transfer monitoring; Data privacy; Data transfer; Databases; Monitoring; Process control; Program processors; Servers; Accountability; Auditing; Cloud computing; Compliance; Data tracking; Security;

fLanguage

English

Publisher

ieee

Conference_Titel

Cloud Computing Technology and Science (CloudCom), 2013 IEEE 5th International Conference on

Conference_Location

Bristol

Type

conf

DOI

10.1109/CloudCom.2013.52

Filename

6753817