Cloud computing is the locating of computing resources on the Internet in a fashion that makes them highly dynamic and scalable. This kind of distributed computing environment can quickly expand to handle a greater system load or take on new tasks. Cloud computing thereby permits dramatic flexibility in processing decisions—on a global basis. The rise of the cloud has also significantly challenged established legal paradigms. This Article analyzes current shortcomings of information privacy law in the context of the cloud. It also develops normative proposals to allow the cloud to become a central part of the evolving Internet. These proposals rest on strong and effective protections for information privacy that are also sensitive to technological changes.
This Article examines three areas of change in personal data processing due to the cloud. In doing so, it draws on an empirical study in which I analyzed the data processing of six major international companies.5 The first area of change concerns the nature of information processing at companies. A second legal issue concerns the multidirectional nature of modern data flows, which occur today as a networked series of processes made to deliver a business result. A final change relates to the shift toward a process-oriented manage- ment approach. Users no longer need to own technology, whether software or hardware, that is placed in the cloud. Rather, different parties in the cloud can contribute inputs and outputs and execute other kinds of actions. Thus, this Article’s focus is a comparative one from which it explores significant changes in data processing due to the cloud and the resulting tension with contemporary information privacy law.