The Right of Privacy in Data Stored in "Cloud Computing"

Cloud computing is an emerging area, but what privacy rights do users have? The Electronic Communications Privacy Act and its component, the Stored Communications Act, are difficult enough to apply to regular computers and e-mail. What are the rules for cloud computing? Do the statutes need to be amended? In this Analysis, Kirsten Koepsel, Carey Lening and Ron Weikers examine the issues, service providers' practices, and the best practices for users. They write:

Cloud computing

     Google Documents, Amazon Web Services (AWS), and Mozy are examples of "cloud computing." Google Docs allows the user to "create and share your work online," "upload your files from your desktop," and gain "access [from] anywhere." With AWS a user can "requisition compute[r] power, storage, and other services --- gaining access to a suite of elastic IT infrastructure services as your business demands them." Mozy allows the user to protect music, photos, and other computer files. Users agree to terms of service prior to being able to access the "cloud" or store their documents or e-mails in the "cloud." Google's terms of service include a provision that "if Google disables access to your account, you may be prevented from accessing the Services, your account details or any files or other content which is contained in your account." . . . .

     . . . .

Right of Privacy in information on computers

     The Fourth Amendment states: "The right of the people to be secure in their persons, houses, papers, and effects against unreasonable searches and seizures, shall not be violated...." It is well settled that the right of privacy of individuals extends to protection of information on their own personal hard drives. The expectation of a right of privacy was extended to Internet communications under the Stored Communications Act (SCA) enacted as part of the Electronic Communications Privacy Act (ECPA) in 1986. Under the SCA, two types of providers are regulated: of electronic communication services (ECS) and of remote computing services (RCS). Access to stored communications located at an ECS requires a search warrant for disclosure of the contents of electronic communications in electronic storage for 180 days or less to government entities. Contents of electronic communications in electronic storage for more than 180 days at an RCS can be obtained by a search warrant, a subpoena, or a court order with prior notice to the subscriber. Privacy protections such as a search warrant, subpoena, or court order apply only to public computers under the SCA. An e-mail or a document is subject to different legal standards during its lifecycle.

     . . . .


     When the user puts information in the "cloud," she may not even know where the "cloud" is located or what expectation of privacy to have for her data and documents in the "cloud." Information that the user puts in the "cloud" eventually "ends up on a physical machine owned by a particular company or person located in a specific country." The stored information is then subject to the laws of the specific country in which the physical machine is located. If the physical machine is located in the United States, then the SCA would govern the right of privacy in the contents.

(footnotes omitted)
