• Subscribe

Losing your rights in a legal cloud

Speed read
  • Intellectual property rights are eroding in the digital age.
  • Terms of service agreements do not benefit the end user.
  • Data fiduciaries can restore confidence and individual rights.

Do you give up certain legal protections when your personal records wind up in the cloud? Have personal property and privacy rights transformed in the advent of cloud computing?

Yes and yes, says Kristina Irion, the Marie Curie fellow at the Institute for Information Law (IViR) at the University of Amsterdam.

“Intuitively, most people think that their data belongs to them,” she observes. “They have a very natural idea about what property is, and will become aware only late that by storing their data in the cloud they are giving up the most important means of control and are fully at the mercy of the cloud service provider (CSP).”

What's a little data between friends?

Irion lumps personal digital data into two categories:

1) Personal documentation and management: Birth or identification cards, biographical records (education and employment history, for example), contracts, receipts, and more.

2) Ideational and intellectual explorations: Private memories — diaries, correspondence, images — as well as creative expressions, book annotations, music, and films.

Your identity is virtually represented in these personal records, and is what remains and forms your legacy once you're gone.

Global cloud traffic will exceed 6.5 zettabytes (541 exabytes per month) by 2018, with 53% of internet users (2 billion people) opting for cloud-based storage, according to a Cisco estimate. No longer housed in your desk or on your mantel, these personal effects are on a server many miles away — abstracted and alienated from their source.

The difficulty with cloud computing – and what makes it distinct from other communication intermediaries (say, the post office or phone company) – is that “there is no comparable legal paradigm that protects individuals’ personal records when at rest under the control of a third party,” Irion says. 

The private individual and the CSP share control over these digital artifacts. Moreover, most terms of service (TOS) favor the CSP's interests and “reinforce the client’s dependency on the service provider and thus only entrench the loss of control over her data,” Irion says.

A cloud service provider can effect immediate change to the standard terms of service, in many cases without notice. They have unfettered permission to use your data, including sharing it with another party.

In an article published September in International Journal of Law and Information Technology, Irion worries that, absent a strong legal protection, consumers run the risk of exploitation as data is increasingly commodified. As CSPs move to make money from advertising, they’ll have little obstacle to pilfering your information (as Google has, for instance) in order to find more effective methods of marketing to you.

Given the consumer’s lack of negotiation power, Irion believes the solution may be a data fiduciary, a concept that's gaining traction among legal scholars lately. Much like a trust fund or lending institution, a data fiduciary would take care of consumer information, and respect the concepts of sovereignty and privacy we’ve come to expect in our modern democracies.

Like other fiduciaries, information fiduciaries would work on our behalf, writes Jack Balkin, director of the Information Society Project at Yale University.  Lawyers, doctors, and accountants already function in a similar capacity — wielding our personal information with our best interests placed first. 

<strong>First Databank & Trust. </strong>Terms of service agreements typically do not benefit the end users of cloud computing. Kristina Irion points a way to renewed trust: Data fiduciaries. With a data fiduciary acting in our interest, we could rest easy knowing our personal effects, now digitized and stored elsewhere, remain our own property.

If data fiduciaries were installed, then TOS agreements would reflect the rights consumers expect: CSPs, if structured as a data fiduciary, would be limited in what information they could collect, use, and sell.

We would regain our confidence that our data is protected, yet fluid enough to enable the modern information marketplace. We could expect our data to remain in our sole possession, and not be handed over to a third party without a warrant. But until a data fiduciary legal framework is created, we yield control when agreeing to the TOS.

Want to delete the data you’ve stashed in the cloud? That’s up to the CSP. Want to decide where your data resides? Forget about it — that’s up to the CSP. What happens to your data if you declare bankruptcy and your service relationship terminates? Do you even know how many copies there are? You probably don’t, since that’s the purview of the service provider.

So in what sense do you control your own data? And in what meaningful sense is it yours if you can’t control it?

Join the conversation

Do you have story ideas or something to contribute? Let us know!

Copyright © 2021 Science Node ™  |  Privacy Notice  |  Sitemap

Disclaimer: While Science Node ™ does its best to provide complete and up-to-date information, it does not warrant that the information is error-free and disclaims all liability with respect to results from the use of the information.


We encourage you to republish this article online and in print, it’s free under our creative commons attribution license, but please follow some simple guidelines:
  1. You have to credit our authors.
  2. You have to credit ScienceNode.org — where possible include our logo with a link back to the original article.
  3. You can simply run the first few lines of the article and then add: “Read the full article on ScienceNode.org” containing a link back to the original article.
  4. The easiest way to get the article on your site is to embed the code below.