figshare
Browse

File(s) under permanent embargo

Learning Lessons from Cloud Investigations in Europe: Bargaining Enforcement and Multiple Centers of Regulation in Data Protection

journal contribution
posted on 2023-09-01, 13:57 authored by Asma A. I. Vranaki
The race is on for businesses and consumers to join the cloud. From increased efficiency to low operational costs to scalability, reasons abound as to why we are adopting cloud solutions. However, unleashing the potential of cloud ecosystems for companies and individuals has not been without difficulties. Industry research has highlighted that data protection and privacy concerns, in particular, can often be one of the main inhibitors to the widespread adoption of cloud-based systems. Lately, some US-based cloud companies have been required to comply with European data protection laws through the regulatory process of investigation by European data protection authorities (“Cloud Investigations”). In this article, I analyze selected empirical findings from my recent qualitative socio-legal research project where I have examined the investigations of cloud providers by European data protection authorities (“EU DPAs”) to reflect on the roles of data protection laws during such investigations. I advance two arguments. Firstly, a decentralized perspective on Cloud Investigations sheds a more comprehensive light on the roles of data protection laws during Cloud Investigations without assuming a priority that such laws have a privileged and static role in the regulatory process. Secondly, and relatedly, I argue that by “cutting off the King’s head”, we can understand more fully the dynamic and context-dependent roles of data protection laws during Cloud Investigations. From time to time, law can be deployed to achieve the aims of the law-makers or enforcers. At other times, law can also be used as bargaining chips by EU DPAs and Cloud Providers to obstruct or facilitate the negotiations during Cloud Investigations. At other times still, law can often retreat from the field of action as other actors carry out the “act of government” to determine if and to what extent Cloud Providers are “accountable in reality.”

History

Refereed

  • Yes

Volume

2016

Issue number

2

Publication title

Journal of Law, Technology & Policy

ISSN

1532-3242

Publisher

University of Illinois

File version

  • Accepted version

Language

  • eng

Legacy posted date

2016-09-15

Legacy creation date

2016-09-11

Legacy Faculty/School/Department

ARCHIVED Faculty of Arts, Law & Social Sciences (until September 2018)

Usage metrics

    ARU Outputs

    Categories

    No categories selected

    Exports

    RefWorks
    BibTeX
    Ref. manager
    Endnote
    DataCite
    NLM
    DC