Jump to Navigation


Monitoring Personal Data Transfers in the Cloud

Cloud computing brings a number of compliance risks to organisations because physical perimeters are not clearly delimited. Many regulations relate to the location of the data processing (and storage), including the EU Data protection directive. A major problem for cloud service consumers, acting as data controllers, is how to demonstrate compliance to data transfer constraints. We address the lack of tools to support accountable data localization and transfer across cloud software, platform and infrastructure services, usually run by data processors. In this paper we design a framework for automating the collection of evidence that obligations with respect to personal data handling are being carried out in what concerns personal data transfers. We experiment our approach in the Open Stack open source IaaS implementation, showing how auditors can verify whether data transfers were compliant.

Anderson Santana de Oliveira, Jakub Sendor, Alexander Garaga and Kateline Jenatton
Publication Date: 
Monday, December 2, 2013 to Thursday, December 5, 2013
Bristol, UK
Publication Reference: 

Santana de Oliveira A., Sendor J., Garaga A., Jenatton K., "Monitoring Personal Data Transfers in the Cloud", Proceedings of the 2013 IEEE International Conference on Cloud Computing Technology and Science (CloudCom 2013), Volume 1, Page(s): 347 - 354, INSPEC Accession Number: 14146238, IEEE, DOI: 10.1109/CloudCom.2013.52