Wednesday, 25 February 2009

Your privacy: cloud computing report & tips; privacy notices & ICO consultation

1. Cloud computing and your privacy

The World Privacy Forum on 23 February 2009 published:

For those not familiar with the term, ”cloud computing” is basically where your data is stored and available online e.g. Facebook, YouTube, Flickr, emails on Hotmail etc. Very convenient as you can login from anywhere you have a Net connection, but it involves risks to your privacy and private information.

To quote from the WPF summary (my emphasis):

“The report finds that for some information and for some business users, sharing may be illegal, may be limited in some ways, or may affect the status or protections of the information shared. Even when no laws or obligations block the ability of a user to disclose information to a cloud provider, disclosure may still not be free of consequences.

In its analysis and discussion of relevant laws, the report finds that both government agencies and private litigants may be able to obtain information from a third party more easily than from the creator of the information. A cloud provider’s terms of service, privacy policy, and location may significantly affect a user’s privacy and confidentiality interests.”

The report’s warnings on cloud computing and privacy seem particularly timely given the recent furore over Facebook’s Terms of Service or TOS allowing them to keep and use all your data even after you closed your account (see e.g. New York Times report and BBC reports and Facebook’s resulting “Bill of Rights and Responsibilities”). And, last year, there was a furore over the TOS for Google’s new Chrome browser too.

Using Chrome isn’t exactly the same as putting your data and information into the “cloud”, granted. But the Chrome TOS incident illustrates the same general issue. And in fact these issues aren’t new, even in relation to cloud computing – e.g. the Pew Internet and American Life project issued a memo on the use of cloud computing applications and services in Sept 2008, noting their increasing popularity amongst Americans but that “their message to providers of such services is: Let's keep the data between us.”

So, for instance, some time back I blogged about:

But the fuss clearly illustrates users’ increasing awareness of the fine print in the TOS of Web / internet services and their increasing concern about the risks to their privacy.

About time too, I say.

2. Privacy notices & your personal details – ICO consultation

As another sign of the growing realisation that this kind of problem needs to be addressed properly, on 12 January 2009 the UK information regulator, the Information Commissioner’s Office, had launched a consultation on a new draft Privacy Notices Code of Practice “designed to help organisations provide more user friendly privacy notices”. Particularly on their websites, of course, but it relates to all organisations that collect / store personal information about people.

To quote from the ICO (my emphasis):

“The ICO believes that some existing privacy notices contain too much legal jargon and are written to protect organisations, rather than to inform the public about how their information will be used… we want to ensure that privacy notices provide clear, user friendly information to the public about how their personal details will be used and what the consequences of this are likely to be”.

Not surprising and again about time too, I say!

If you do it by the closing date of 3 April 2009, us mere members of the public can respond on the draft Code of Practice on Privacy Notices too (e.g. if you don’t think it goes far enough to protect private individuals) - see the consultation page and their consultation response form (not a Web form but in RTF, and you have to save it in Word format and email it to

If these issues interest you, you may also be interested in:

1 comment:

Amey said...

Great points in this article.