5.2.7 Data Subject Enablement
The final element needed for end-to-end support of accountability across cloud provisioning chains is a set of services that enable data subjects to consent to, control, review and correct the personal data held about them in the cloud. Unlike all other functions in this section, data subject enablement is not a provider-side accountability support service; it is a separate tool provided to the data subject, hosted in an environment operated by the data subject or by a trusted third party. For this reason the tool does not appear in Figure 23 or Table 24.
Specifically, the Data Subject should be provided with facilities to:
- Give or withhold consent to the use of their data;
- Request from a data controller access to their data stored in the cloud for review;
- Request from a data controller to correct or delete their data stored in the cloud;
- View detailed information about how the data has been shared and used by the data controller;
- Receive notifications of incidents affecting them;
- Receive assistance in requesting remediation and redress.
To support these functions, actors along the chain (excluding data subjects) should therefore provide services that implement the following functions:
- Track and produce evidence of all data uses;
- Provide means for data subjects to view the personal data held about them, along with meaningful metadata (e.g. the time of each disclosure of the data);
- Provide means for data subjects to amend or request deletion of their personal data held;
- Since almost all data subject controls interact only with the data controller and not with the data processors further along the provisioning chain, services should be in place to pass data subject requests, in an appropriate form, to the relevant processors. Supporting this capability clearly requires the accountability-support services described in the previous sections (such as the services for exchanging enforceable policies and for providing evidence).
One tool to consider for receiving information about incidents occurring in the provisioning chain is the Cloud Trust Protocol (CTP). As described in 4.3.4, CTP can be used to report alerts regarding the measured security level of a service, or more precisely the measured attribute of a specific resource. For example, if the availability of a disk resource falls below a user-defined threshold, an alert can be sent to the user. This also works across a provisioning chain: one cloud provider can send an alert to another provider, which in turn sends an alert to the next. Along the chain the alert may change in nature: an availability issue with a disk at one provider becomes an availability issue with a database at the next provider in the chain.

Importantly, CTP is agnostic to the notion of "data subject": it reports only security levels and the resources they affect. CTP is a protocol designed for use between cloud customers and cloud providers, not between data subjects and providers. It is therefore the responsibility of the customer-facing provider to identify which data subjects are affected by an incident and to notify them appropriately.
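As an added illustration (not code from the A4Cloud toolkit, and not the CTP message format, which this page does not reproduce), the following Python models both flows described above. A data subject request entered at the customer-facing provider is expanded into resource-scoped requests for only those processors that actually back the resources holding the subject's data, so the subject's identity never has to leave the controller. A resource alert raised deep in the chain is re-expressed at each hop (disk to database to application resource) and is mapped to the affected data subjects only at the customer-facing end, which is the sole party that knows them. All provider, resource and data subject names, the `backing`/`holdings` maps and the threshold semantics (alert when the measured value falls below the threshold, as for availability) are constructed assumptions.

```python
"""Alert and request propagation along a modelled provisioning chain.
Added example: not A4Cloud toolkit code and not the CTP wire format;
all names, maps and numbers below are constructed for illustration."""
from dataclasses import dataclass, field
from typing import Optional


@dataclass
class Alert:
    origin: str                   # provider that measured the attribute
    resource: str                 # resource the alert currently refers to
    attribute: str                # measured attribute, e.g. "availability"
    value: float
    threshold: float
    hops: list = field(default_factory=list)   # (provider, resource) per hop


@dataclass
class Provider:
    name: str
    # own resource -> downstream resource it is built on (only if outsourced)
    backing: dict = field(default_factory=dict)
    # data subject -> own resources holding that subject's data; only the
    # customer-facing provider is assumed to know data subjects at all
    holdings: dict = field(default_factory=dict)
    upstream: Optional["Provider"] = None     # this provider's customer
    downstream: Optional["Provider"] = None   # provider this one buys from

    # ---- data subject requests flow down the chain ------------------
    def subject_request(self, subject: str, action: str) -> list:
        """Entry point at the customer-facing provider. Expands a
        subject-scoped request into (provider, resource, action) tuples
        for every provider along the chain that holds the data."""
        actions = []
        for resource in sorted(self.holdings.get(subject, ())):
            actions += self._resource_request(resource, action)
        return actions

    def _resource_request(self, resource: str, action: str) -> list:
        actions = [(self.name, resource, action)]
        backed = self.backing.get(resource)
        if backed is not None and self.downstream is not None:
            # only the processor that actually backs this resource is contacted
            actions += self.downstream._resource_request(backed, action)
        return actions

    # ---- resource alerts flow up the chain --------------------------
    def measure(self, resource: str, attribute: str,
                value: float, threshold: float) -> list:
        """Called at the provider that measured the attribute. Raises an
        alert when the value falls below the threshold and returns the
        data subject notifications produced at the customer-facing end."""
        if value >= threshold:
            return []
        alert = Alert(self.name, resource, attribute, value, threshold,
                      hops=[(self.name, resource)])
        return self._deliver(alert)

    def _deliver(self, alert: Alert) -> list:
        if self.upstream is None:              # customer-facing provider
            return self._notify_subjects(alert)
        return self.upstream._receive(alert)

    def _receive(self, alert: Alert) -> list:
        """Re-express an alert from the downstream provider in terms of this
        provider's own resources; an alert about a downstream resource that
        nothing here depends on is dropped."""
        notifications = []
        for own, backed in self.backing.items():
            if backed == alert.resource:
                hop = Alert(alert.origin, own, alert.attribute, alert.value,
                            alert.threshold, alert.hops + [(self.name, own)])
                notifications += self._deliver(hop)
        return notifications

    def _notify_subjects(self, alert: Alert) -> list:
        """The alert carries no data subject; the mapping happens here only."""
        affected = sorted(s for s, res in self.holdings.items()
                          if alert.resource in res)
        return [{"subject": s, "resource": alert.resource,
                 "attribute": alert.attribute, "value": alert.value,
                 "origin": alert.origin, "chain": list(alert.hops)}
                for s in affected]


def link(customer: Provider, supplier: Provider) -> None:
    customer.downstream = supplier
    supplier.upstream = customer


def build_chain() -> Provider:
    """Constructed chain: storage (disks) -> dbaas -> saas (customer-facing)."""
    storage = Provider("storage")
    dbaas = Provider("dbaas", backing={"db-7": "disk-3"})
    saas = Provider("saas",
                    backing={"customer-records": "db-7"},
                    holdings={"alice": {"customer-records"},
                              "bob": {"customer-records", "support-tickets"},
                              "carol": {"support-tickets"}})
    link(saas, dbaas)
    link(dbaas, storage)
    return saas


if __name__ == "__main__":
    saas = build_chain()
    storage = saas.downstream.downstream
    for n in storage.measure("disk-3", "availability", 0.95, 0.99):
        print(n)
    for a in saas.subject_request("bob", "delete"):
        print(a)
```

Running the block shows the two behaviours the text calls for: a disk alert at `storage` reaches `saas` as an alert on `customer-records` with the full hop list, and only alice and bob (not carol, whose data sits on a locally hosted resource) are notified; bob's deletion request fans out to `dbaas` and `storage` for the outsourced resource but stays local for `support-tickets`. The hop list is the evidence a data subject would want when viewing how an incident reached them.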
Download the preliminary release of the Cloud Accountability Reference Architecture and the relevant A4Cloud Toolkit.