Scope
Key Principles
- The focus of the Cloud Accountability Project is accountability under data protection laws for personal data processed in cloud service provision ecosystems [1].
- We will consider accountability obligations owed by cloud service providers, and organisations that use cloud services, to data subjects and data protection regulators. Accountability of individuals in a private context is excluded, although accountability of service providers for the actions (or inactions) of their employees is in scope.
- We will also consider how our proposed accountability mechanisms might apply to certain types of confidential information that do not involve personal data [2].
- Government surveillance, including government acquisition of data from cloud service providers [3], is outside the scope of this project, except where it relates specifically to a data protection law accountability mechanism.