Cloud computing involves a variety of actors related each other through a tangle of outsourcing schemes and a fast and widespread circulation of data: all elements that challenge classical approaches to data storage and even defy the traditional perception of national borders. The main aim of this presentation is to provide the audience with a quick overview of some basic legal questions: identification of the applicable legislation (as cloud services physically involve several countries); lawfulness of extra-EU transfers of personal data; determination of security standards; data subjects’ rights to transparency and control, including the right to “data portability”; accountabily of the cloud provider. Such topics are either totally dependant or strictly connected with a correct allocation of privacy roles (controller/processor), that have to be viewed in the light of the recent position expressed by the European data protection authorities (the “art. 29 Working Party”). The presentation will also raise attention over some provisions of the forthcoming Regulation on data protection, expected to enter into force in 2014. Finally, it will briefly address some generally shared concerns related to the protection of intellectual property in a cloud environment.
Description of the work
Enrico Pelino is a Senior Associate at ICT Legal Consulting and an attorney in the Bologna bar since 2003. He is specialised in data protection and IT law, which have been his core interests all over his professional career. In recent years, he has been deeply involved in exploring the tangle of legal implications generated by the large-scale adoption of cloud computing technologies. He also works on such topics as a Fellow of the European Privacy Association (EPA) and the Istituto Italiano per la Privacy (Italian Privacy Institute). As an attorney, he actively practices private and commercial litigation and contract law. He graduated with honours from the University of Parma in 1998 and then had a longstanding collaboration with CIRSFID, a University-linked centre of research based in Bologna. In 2005, he earned his Ph.D. in IT law from the University of Bologna with a dissertation on data protection and control. He took part in a number of high-profile research projects, among which the 2007 Italian PRIN research project (Research Project of National Interest).