Privacy in the Clouds, Revisited: An Analysis of the Privacy Policies of 40 Cloud Computing Services
77 Pages. Posted: 9 Apr 2021. Last revised: 7 May 2021.
Date Written: April 9, 2021
In this paper, we analyse the results of a detailed survey of the privacy policies, and data protection terms more broadly, of 40 major cloud computing services, including Amazon Web Services, Google Cloud, and Microsoft Azure. We review terms relating to controller and processor designations; purposes and legal bases for data processing; individuals’ rights of access, rectification, and erasure of personal data; the right to data portability; security and data breach notification; monitoring; transfers of personal data outside of the EEA; and appointment of a Data Protection Officer. Where relevant, we compare the results to those of previous surveys conducted in 2010, 2013, and 2015 to show how cloud privacy policies have developed over time, including changes that appear to have been made in response to the General Data Protection Regulation.
For a related survey of the standard contracts of 40 cloud services, see “Contracts for Clouds, Revisited: An Analysis of the Standard Contracts for 40 Cloud Computing Services” on SSRN: https://papers.ssrn.com/sol3/papers.cfm?abstract_id=3624712
JEL Classification: K1, K12, K2, M15, L81, L86, K24, O33