Blog Post

Who Exactly Owns Your Data in the Cloud?

Stay on Top of Enterprise Technology Trends

Get updates impacting your industry from our GigaOm Research Community
Join the Community!

Between Gmail, Google Docs, Zoho, Facebook, Basecamp, Flickr, Twitter and countless other applications, much of our data now sits in the cloud. But few people ever stop to think about where that data is stored or how it might be accessed or used. So who exactly does own your data and who has access to it? And how much privacy can you expect?

These questions get all the more complex because many web application providers are using cloud services from the likes of Amazon and Google, which means data doesn’t necessarily sit on the app provider’s servers. Additionally, there is an increased use of APIs to facilitate greater interoperability among web apps, meaning that your data may be used in many ways that you don’t expect. How can you learn more about the rights you have to your data, as well as the rights others have to it? GigaOM Pro (subscription required) this week has a great report by Simon Mackie that tackles these questions. The report delves into two main issues:

Data Privacy. When it comes to the U.S., the Fourth Amendment states that people should “be secure in their persons, houses, papers, and effects, against unreasonable searches and seizures…” But web-hosted applications and cloud services are too new for the courts to have been able to provide far-reaching guidance on data privacy online. Issues related to data privacy get even more complex when data is stored outside of the country. Some cloud services, such as Amazon’s, let you choose the region in which you want your data stored; and some, such as Google’s, don’t.

Data Security. There are any number of threats to your data online. Your application or service provider could go belly up, you could fall prey to hackers or you could simply be locked out of your account. The good news is that data portability and security policies are being scrutinized closely by several organizations, and there are steps you can take to reduce your vulnerability in the could.

For much more on these and other issues pertaining to your data and the cloud, see Simon’s full report.

5 Responses to “Who Exactly Owns Your Data in the Cloud?”

  1. I’ve written about this exact topic on two occasions for Technorati. There are a number of core issues underlying this topic as you point out. Before you can begin protecting your data, you actually need to understand who has it and who they think owns it, so you can then protect it. I recently had a personal experience with Sprint, where their customer record had my legal data and Sprint believed the owner was their customer whose data they were protecting and since I was not their customer they were challenged to expunge it from that record.

    We handshake our way around and across the web so fluidly today, we don’t even realize when we have given permission to share it, let alone who perhaps is operating under the (mis)impression they may own something we actually think we control.

  2. Interesting issues. Whatever you put in a rented apartment is your exclusive property for as long as you pay the rent (and for some locally-defined grace period afterward). If the landlord goes bankrupt, it’s still your property. So far, we have a good precedent for regulating cloud data.

    But if you abandon an apartment, after some time the landlord may sell your belongings to compensate him for storage, cleaning, unpaid rent, etc. Given differences between storage costs in the real and virtual worlds, and different implications for selling a couch or selling personal data, we’d probably want to require that unclaimed data is erased, or put on non-volatile memory and stored (a cheap security deposit could fund the latter).

    Questions over access should be solvable with real-world precedents (if you loan your keys to someone, there should be an understanding about whether they have the right to make and distribute copies…), and it shouldn’t be that hard to require simple disclosures and opt-in conditions for what companies are allowed to do with your data.

    How you prevent unexpected combinations of data – no idea.

    The Economist quoted some data expert a few months back as saying that personal information is like plutonium pellets: “Kept in secure containers, handled as seldom as possible and escorted whenever it has to travel. Should it get out into the environment, it will be a danger for years to come. Putting it into one huge pile is really asking for trouble.”