Traditionally speaking, it is rather easy to establish the roles with regard to responsibility in controlling and processing data. The distinction between a controller and a processor as well as determining their tasks in most of the situations is generally graspable. However, this might not be the case in the cloud where understanding the responsibilities can be complex and challenging. It might be unclear who has the obligation to protect data in the cloud and this may lead to an unwanted situation where nobody is fully accountable in the event of a breach of rules.
In this environment of shared responsibility of a cloud, it is generally each party’s task to make the most from its side to keep the data safe. If we look at the situation from the cloud service consumer’s point of view, it is largely the question of how to save the files to the cloud and at the same time be sure that they cannot be accessed by unauthorised third parties. From the cloud service provider’s perspective, it is also important to ensure the confidentiality of the information in the cloud in order to build trust towards the services on offer. Additionally, service provider’s task is to build a safe infrastructure and fulfil its legal obligations.
In principle, it is in the interest of both parties to make the best use of the cloud, but it can never be forgotten that this kind of relations are also subject to threats that the human element in cooperation with cyberspace possesses. Hence, efforts from both sides are required for efficient results, and relying merely on the protection of law is probably not enough. As it might be difficult to determine the responsible party in every situation, account should be taken of the alternatives to minimise potential risks. Overcoming the insufficient responsibility issue that might occur from time to time due to the special essence of cloud computing, among other matters, one should:
Exploiting new technologies, including cloud computing, in business is definitely something that can result in efficiency. Yet, it is quite true that law cannot always keep up with technological developments, causing bottlenecks in addressing the issues that relate to those rather rapid changes. By paying sufficient attention to the subject matter, it is possible to mitigate the risk and this, of course, should be done in every possible way, even if the cloud may be somewhat disobedient to the legal regulations.