The Privacy Implications of Cloud Computing

17 November 2009 - A Workshop on Security in Sharm el Sheikh, Egypt


Cloud Computing and its privacy and security implications are at the forefront of news media debate around the world. However, only regulators from developed countries are discussing its privacy and security policy implications. In 2008-2009, the US Federal Trade Commission and The Ontario Privacy Commissioner have discussed the matter. The Council of Europe raised the question of cloud computing, jurisdiction and international law enforcement at its Octopus conference in March 2009. The OECD will discuss the subject in October 2009. Civil Society has advocated for strong data protection laws and heightened enforcement, business interests dispute that regulation is necessary while law enforcement agencies highlight the challenges for investigating cybercrime and securing electronic evidence when the data is stored in the cloud. Those services are being used all over the world. However, there is a lack of understanding of the issue and a lack of participation by stakeholders from developing countries in this debate.

This workshop will explain the definition and various types of cloud computing services, and focus the policy debate on privacy and security risks of those services at user level. The objective is to understand how personal data is managed and processed, and to develop effective policy frameworks so that users can exercise control over their own personal data when that data is stored and processed in the cloud. We will also discussed how the current system of mutual legal assistance and jurisdiction may work for law enforcement agencies when the data is stored in the cloud, and attempt to identify the policy implications of cloud computing on security, privacy and law enforcement. This workshop will wrap up the various discussions held in different venues during 2009.


This workshop aims to bring together policy makers, advocates, researchers and users in order to start an ongoing dialogue to protect users' privacy rights.

Katitza Rodríguez, Electronic Privacy Information Center (EPIC), Graciela Selaimen, Estudos e Formação da Rits [NUPEF/RITS], Ms. Pamela Jones Harbour, Commissioner US Federal Trade Commission, Bertrand de La Chapelle, French Ministry of Foreign and European Affairs, Alexander Seger, Council of Europe,

Mr. Marc Rotenberg, Executive Director, Electronic Privacy Information Center (EPIC) 
Mr. Alexander Seger, Council of Europe 
A Privacy Expert Representative from OECD 
Ms. Pamela Jones Harbour, Commissioner US Federal Trade Commission (FTC), United States 
Ms. Graciela Selaimen, Núcleo de Pesquisas, Estudos e Formação da Rits [NUPEF/RITS], Brazil
Ms. Aramanzan Madanda, Uganda, Student DiploFoundation Advanced Phase on Privacy and Data Protection
Spanish Data Protection Authority
Kristin Lovejoy, IBM Representative (*)
Peter Cullen, Microsoft Chief Privacy Strategist (*)

This workshop have been merge with Workshop 71 "Cybercrime, cloud computing and international cooperation" organized by the Council of Europe, the workshop "Cloud Computing : technological, economic and policy dimensions", organized by the French Ministry of Foreign and European Affairs into the workshop: "The Privacy Implications of Cloud Computing" organized by the Electronic Privacy Information Center and Instituto Nupef, Brazil