My Edinburgh colleague Judith Rauhofer (who has a particular research and teaching interest in privacy, data protection, and information), along with Caspar Bowden (who many readers will know through his writing and advocacy on privacy), has just launched a very timely paper on data protection in ‘the cloud’, with a particular emphasis on data stored in the US and subject to US law on access to data. Judith and Caspar have been making this argument well before the current PRISM/NSA reporting, and the paper makes it clear how there are already a number of important legal issues that require attention. The paper engages with recent scholarship on cloud computing itself (e.g. the Queen Mary projects) and the proposed new Regulation on data protection. It also contains a very detailed analysis of FISA. But the key argument, and the one that deserves the most attention from those who have reacted with alarm to recent news reports, is that about the obligations of European institutions to protect fundamental rights; both the Charter and Convention are discussed.
The paper is now available on SSRN: