The Canadian Privacy Commissioner has published a paper "Reaching for the Cloud(s): Privacy Issues related to Cloud Computing" 29 March 2010 looking at general and privacy-specific issues raised by the phenomenon of cloud computing, including of course jurisdiction, and setting out the Commissioner's likely approach to any complaints about cloud computing.
One thoughtful and influential paper which the Canadian paper doesn't cite though is Privacy in the Clouds: Risks to Privacy and Confidentiality from Cloud Computing by US lawyer Robert Gellman for the Cloud Privacy Forum, issued 23 February 2009 but obviously the issues raised in it are still very current. (And see the Forum's cloud computing page generally.)
In the EU, European cyber-security agency ENISA published an excellent Cloud Computing Security Risk Assessment in November 2009 (along with a recommended Cloud Computing Information Assurance Framework and an SME perspective on cloud computing survey), with some coverage of legal issues such as data protection, while the Article 29 Working Party's work programme for 2010-2011 is to include work on cloud computing.
Microsoft's General Counsel Brad Smith has called for both legal and industry changes in Europe to build confidence in the cloud (and similarly in relation to the USA), and Google's Global Privacy Counsel Peter Fleischer has pointed out the difficulties with "location" of data in the cloud and the resulting policy issues, praising the "far-sighted model adopted in Canada’s privacy laws".
A proposal for reforms to the EU Data Protection Directive is due by end 2010, so no doubt all these views will be taken into account.
©WH. This work is licensed under a Creative Commons Attribution Non-Commercial Share-Alike England 2.0 Licence. Please attribute to WH, Tech and Law, and link to the original blog post page. Moral rights asserted.