Brendon Lynch here.
Today we released a new position paper, Privacy in the Cloud Computing Era: A Microsoft Perspective.
This new paper discusses how Microsoft is approaching privacy as it relates to cloud computing. We wrote this paper based on our experience over the past decade examining and addressing privacy challenges in the evolving online services realm. We are also releasing guidance to enterprises and consumers to help them navigate the privacy issues to consider when thinking about cloud-based services.
Cloud-based services are rapidly emerging to complement the traditional client-based model of running software on PCs and servers at home and within the organization. Simply put, “cloud computing” refers to computing capabilities that are provided to organizations that operate over the Internet. Businesses and governments are using “the cloud” to provide more and more services as it allows for greater flexibility, efficiency and lower costs. This next generation of computing has significant potential to create new jobs, business opportunities and economic growth.
From a privacy perspective, a key aspect of cloud computing is the remote storage and processing of personal information with a service provider. Consumers, and more recently organizations, have for some time been using online services that store personal information remotely (for example, Microsoft’s Windows Live Hotmail was introduced in the mid-90s). Therefore, with regard to most data privacy questions as well as the perspective of typical users, cloud computing reflects the evolution of the Internet computing experiences we have long enjoyed, rather than a revolution.
While we recognize that privacy in the cloud will evolve over time; the paper describes how our underlying privacy principles provide a solid foundation for addressing privacy issues.
However, particularly given the global nature of the data flows inherent in cloud computing, there are a number of policy questions concerning how people, organizations and governments handle information and interactions in this environment. As Peter Cullen’s post last week noted:
With the evolution of cloud computing, in particular, global data flows have changed to become continuous and multi-point rather than linear and point-to-point. Chances are that data will flow differently in ten years than it does today, and privacy rules will need to anticipate these inevitable changes. At the same time, privacy laws, by their very nature, are local. This dynamic creates inherent tension. As such, new privacy paradigms and governance models, such as one governed by accountability need to be considered in the context of global such frameworks.
Microsoft looks forward to a continuing engagement with government, industry, advocates, and our customers on these vital topics.
Brendon Lynch, senior director of privacy strategy, Microsoft Trustworthy Computing