Regulating the Cloud: A Comparative Analysis of the Current and Proposed Privacy Frameworks in Canada and the European Union

Abstract

Cloud computing is a growing phenomenon and promises greater efficiency and reduced-cost computing. However, some of the basic technological and business-related features of the Cloud are at odds with personal data protection laws. Canada and the European Union share similar core values related to privacy/data protection, and both regions aim to increase their competitiveness regarding cloud computing. Having these two similarities in mind, this paper explores the current legal and stakeholder landscape in Canada and the European Union with respect to cloud computing, data protection and how adoption of the model can be advanced. The analysis shows that neither of the frameworks is entirely compatible with cloud computing in its current application. Canada's legal landscape is slightly more hospitable, but is lacking direction from regulators, while the EU's non-harmonized and restrictive framework presents a challenge for cloud proliferation. Relevant stakeholders have diverging views on how data protection in the Cloud should be approached and 2012 will be a year during which these views will likely be debated in detail, in particular in response to the proposal of the European Commission on a new data protection framework. This paper concludes with distilling four possible options in this regard. Official version available in The Canadian Journal of Law and Technology: (2012) 10 C.J.L.T. 29 (Carswell).