In the era of globalization, why isn't there an international cloud bill of rights?

Evelyn De Souza
Evelyn De Souza

Cloud is enmeshed in our daily lives; spanning everything from the way we communicate and how we work, to supporting critical infrastructure such as water treatment and electricity plants. The cloud has even become our children’s playground; when children play games online and communicate via email they are using cloud-based technologies.

Because many providers may not explicitly inform users about cloud usage, many customers may not realize that their information has been transmitted and stored in a public cloud, versus residing on their actual device. Given the cloud’s pervasive use, shouldn’t it be a fundamental right for all citizens to have safeguards around their information and to know how and where their data might be stored and used?

In today’s digital era developers are constantly innovating and pioneering new connected technologies that hold the promise to further revolutionize the way we work or live. As Cisco’s Internet Business Solutions Group (IBSG) predicts some 25 billion devices will be connected by 2015, and 50 billion by 2020. However, instead of making privacy an underlying fundamental part of the design, it is much too often a post-build consideration.

Cloud Bill of Rights

A Cloud Bill of Rights could be a strong business enabler. Developers would find it far easier to navigate a universal Cloud Bill of Rights versus over 4,000 overlapping and sometimes contradicting data privacy related laws worldwide.

These international legislative approaches range from sectoral in one part of the world to being extensively focused on an individual’s rights in other parts, not to mention differing user and cultural sensitivities. Organizations could also avoid costly litigation over data breaches and the need to retrofit solutions through building in privacy controls upfront.

A Cloud Bill of Rights may have been seen as too difficult to implement in the past given the deviations highlighted above. However there is growing common groundswell.


Europe has been moving towards a single harmonized law across its member states and in North America the United States just passed the two-year mark since the Obama administration’s report calling for a consumer privacy bill of rights, an effort that privacy advocates recently made a renewed call for. Many countries also either adhere to or leverage OECD privacy principles and Dr. Cavoukian’s Privacy by Design Principles.

There is not a day that goes by without a privacy-related violation making front-page news, which underscores the increasing sense of urgency that privacy be an irrevocable, universal right. As a starting point for the Cloud Bill of Rights, end users should have the right to far greater control over their personal information – how it is obtained, used, transmitted and stored.

In addition, users should also have the ability to remove their personally identifiable information from datasets. However, a Cloud Bill of Rights should also be equally geared at educating and mandating data processors /collectors to exercise far greater diligence and due care with our personal data.