As part of this work, we analyzed and categorized the terms of TOS agreements and privacy policies of several major cloud services to aid in our assessment of the state of user privacy in the cloud. Our empirical analysis showed that providers take similar approaches to user privacy and were consistently more detailed when describing the user’s obligations to the provider than when describing the provider’s obligations to the user. This asymmetry, combined with these terms’ nonnegotiable nature, led us to conclude that the current approach to user privacy in the cloud is in need of serious revision.
In this work, we suggest adopting a legal regime that requires companies to provide baseline protections for personal information and also to take steps to enhance the parties’ control over their own data. We emphasize the need for a regime that allows for “data control” in the cloud, which we define as consisting of two parts: (1) the ability to withdraw data and require a service provider to stop using or storing the user’s information (data withdrawal); and (2) the ability to move data to a new location without being locked into a particular provider (data mobility). Ultimately, our goal with this work is to apply established law and privacy theories to services in the cloud and set forth a model for the protection of information privacy that recognizes the importance of informed and empowered users.
Jay P. Kesanis a Professor in the College of Law at the University of Illinois.He is the H. Ross & Helen Workman Research Scholar and Director, Program in Intellectual Property & Technology Law.Professor Kesan’s academic interests are in the areas of technology, law, and business.Specifically, his work focuses on patent law, intellectual property, entrepreneurship, cyberlaw, digital government (e-gov), agricultural biotechnology law, and biofuels regulation.He has served as a technical and legal expert and/or counsel in patent matters, and also serves on the boards of directors/advisors of start-up technology companies.
Professor Kesan has written many books, most recently Adopting Open Source Software, A Practical Guide (with Fitzgerald, Russo, Shaikh, and Succi), MIT Press (2011) and Intellectual Property in Business Organizations (with Ghosh and Gruner), Lexis-Nexis Publishing Co. (2nd ed., 2012) (a unique and first-of-its-kind casebook on transactional IP).He is a regular commentator on the radio program “Legal Issues in the News” on WILL Illinois Public Radio.He also serves as faculty editor-in-chief of the University of Illinois Journal of Law, Technology & Policy.He has developed an online course on “Legal Issues in Technology Entrepreneurship,” supported by a grant from the Coleman Foundation.
Professor Kesan received his J.D. summa cum laude from Georgetown University, where he received several awards, including Order of the Coif, and served as associate editor of the Georgetown Law Journal.Prior to attending law school, Dr. Kesan, who also holds a Ph.D. in electrical and computer engineering, worked as a research scientist at the IBM T.J. Watson Research Center in New York. He is a registered patent attorney and practiced at the former firm of Pennie & Edmonds LLP in the areas of patent litigation and patent prosecution. In addition, he has published numerous scientific papers and obtained several patents in the U.S. and abroad.
ITI is a campus-wide interdisciplinary unit of the University of Illinois at Urbana-Champaign, led by the College of Engineering, that is fostering excellence in information trust and security. Participating units include, among others, the College of Applied Health Sciences; the College of Business; the College of Engineering; the College of Law; the College of Liberal Arts and Sciences; the Department of Aerospace Engineering; the Department of Agricultural and Biological Engineering; the Department of Computer Science; the Coordinated Science Laboratory; the Department of Electrical and Computer Engineering; the Department of Industrial & Enterprise Systems Engineering; and the National Center for Supercomputing Applications.