DOCSLIB.ORG

The Price of Privacy in the Cloud: the Economic Consequences of Mr

Total Page:16

File Type:pdf, Size:1020Kb

Download full-text PDF Read full-text
The Price of Privacy in the Cloud: the Economic Consequences of Mr The Price of Privacy in the Cloud: The Economic Consequences of Mr. Snowden∗ Hyojin Songy Simon Wilkiez This Draft: February 2017. First Draft: November 2015. Abstract Cloud computing involves distributed and shared use of computing facilities in a network. This offers end users new flexibility and lower sunk costs. As a result, the cloud computing market has exhibited phenomenal growth. However, Edward Snowden's revelations of the NSA's spying program in 2013 degraded the privacy reputation of the US-based cloud service providers. We examine the economic impact of the Snowden revelations using a panel dataset of global cloud revenues across service types and vendors. We assume that the Snowden revelations are a negative demand-shock \treatment" for US-based providers, and regard non-US-based firms as the control group. We find that the revelations decreased the growth rate of revenues of US providers by 11% from Q3 2013 to Q4 2014. The expected losses to the US cloud industry are at least $18 billion. Following the treatment there is a significant price cut. We then evaluate how users and cloud service providers changed their behavior using Microsoft's free trial database and 18 online service providers' privacy policies. We show that firms’ strategic reactions led to lower prices with a higher quality of privacy protection. Hence paradoxically, Snowden may have lead to greater US market share in the long run. ∗The views expressed are those of the individual authors and do not necessarily reflect official positions of Microsoft Corp. We would like to thank John Conley, Amit Gandhi, Dawoon Jung, Daniel Klerman, Ryan Martin, John Matsusaka, Preston McAfee, Ricardo Perez-Truglia, Brijesh Pinto, Brian Quistorff, Justin Rao, Geert Ridder, Goufu Tan, Catherine Tucker, Microsoft Chief Economist team, and Microsoft Azure development team. We would like to thank seminar or conference participants at Microsoft Research (Economics Team Lunch Seminar), Microsoft Windows Privacy Offsite, USC Law School Class Workshop, and ACM Workshop on Economics of Cloud Computing 2016. [email protected]. Address: Microsoft Research, Office of Chief Economist, Office 4617, 14820 NE 36th St, Redmond, WA 98052, United States [email protected]. Microsoft Research, Address: Microsoft Research, Office of Chief Economist, Office 4618, 14820 NE 36th St, Redmond, WA 98052, United States; Dep. of Economics, University of Southern California; Law School, University of Southern California, Los Angeles, CA 90089 1 JEL Classification: D78, E65, H56, M38, O14 Keywords: Privacy; Snowden Revelation; PRISM; Cloud Industry; Government Surveillance 2 1 Introduction The transition to cloud-based computing services is widely believed to be the most significant technological change since the advent of the Internet. In particular, the adoption of cloud computing lowers sunk costs to end users and facilitates rapid innovation and the development of new businesses.1 As a consequence, the cloud computing market has exhibited phenomenal growth since 2009. On June 5, 2013, the Guardian published a bombshell. Edward Snowden, a National Security Agency (NSA)2 analyst, had leaked thousands of classified documents that revealed the existence of the NSA's domestic spying program.3 Snowden revealed that US telecommunications firms handed over meta-data on every international phone call to and from the US to the NSA. He also revealed the existence of a surveillance program called PRISM4 through which major US technology firms, including AOL, Google, Microsoft, and Yahoo! handed over emails in response to requests by the NSA. Perhaps even greater concerns was the revelations that the NSA, with the British Government Communications Headquarters (GCHQ),5 had tapped into 200 undersea optic fiber cables handling 600 million telephone events each day.6 Since most of the world data flowing through these pipes, this amounted to spying on an unprecedented scale.7 The international legal blowback8 was significant. In particular, several countries including Brazil9 and Russia10 passed \data sovereignty" laws requiring that their citizens' and corporations' 1For example, companies such as Netflix, Uber and Airbnb all reside on AWS, Amazon's cloud platform.Amazon Web Service has a dominant market share which accounts for 31% in the worldwide public cloud market in 2015. https://www.srgresearch.com/articles/aws-remains-dominant-despite-microsoft-and-google-growth-surges This is because cloud services enable users to both store their data and access software with computing power on \virtual machines" that exist in remote data centers. 2https://www.nsa.gov/ 3http://www.theguardian.com/world/2013/jun/06/nsa-phone-records-verizon-court-order 4http://www.theguardian.com/world/2013/jun/06/us-tech-giants-nsa-data 5US and UK intelligence jointly shared collected data with Australia, Canada and New Zealand as the Five Eyes partnership. http://www.theguardian.com/world/2013/jun/22/nsa-leaks-britain-us-surveillance 6NSA and GCHQ have a joint surveillance program from 2008. http://www.theguardian.com/uk/2013/jun/ 21/gchq-cables-secret-world-communications-nsa 7Appendix A.1 provides more details about the Snowden revelations. 8Florek (2014) summarized legal issues related to the PRISM revelations. 9On April 23, 2014, the Marco Civil was passed in law and the law includes the ability to re- quire that data about Brazil be stored in Brazil. https://www.insideprivacy.com/international/ brazil-enacts-marco-civil-internet-civil-rights-bill/ 10Russia's new data localization law, Federal Law No. 242-FZ, was adopted in July 2014 and is in effect from September 1, 2015. Under the data localization law, personal data of Russian citizens must be collected, stored, 3 data be housed in data centers within their territorial borders. The European Court of Appeals struck down \safe harbor" agreement11 which by default allowed EU data stored in the servers of US firms to meet EU privacy regulations. We would certainly expect ordinary citizens and other users to respond to the revelations as an individual. The aim of this paper is to evaluate the economic impact of the Snowden revelations on the cloud computing industry and in doing so shed light on the value of privacy. We examine whether the Snowden revelations affected the rate of adoption of US-based cloud computing services relative to non-US-based services. To isolate the causal effects, we use difference in differences (DID) analysis using a unique panel dataset of firm revenues. We hypothesize that the US-based providers are the treated group and the non-US-based firms are the control group, where the treatment is the Snowden revelations. Due to customer lock-in and the rapid rapid growth rate of the cloud computing industry, we use the growth rate as the dependent variable rather than the level of revenues. One of our challenges is fluctuations in prices arising from the price war given the rapid growth of the global cloud industry. Our paper includes various specifications around the price war and we also examine Microsoft's free trial cloud usage patterns to isolate the price changes. We then show changes in privacy polices of 18 US technology companies comparing before and after the Snowden revelations. The results suggest that the Snowden revelations decreased the growth of revenues of US providers by 11.3%. The corresponding expected losses to US cloud providers are $17.74 billion in the Q3 2013 to Q4 2014 period.12 Our finding is robust to the results from alternative techniques, the fixed effects estimation and the synthetic control. We find that firms’ strategic reactions to the Snowden revelations led to lower prices with a higher quality of privacy protection. This paper contributes to a series of recent studies on the economics of privacy.13 The most and processed in/from databases located in Russia. 11On May 31, 2000, the US and the EU reach the \Safe Harbor" agreement on the terms under which privacy of personal information can be guaranteed in a context of international data flows. Safe Harbor implies that data held by US firms was sufficiently secure to comply with the EU \right to privacy." The details about the origins are explained by Farrell (2003). 12The Q3 2013 to Q4 2014 period is 6 quarters after the Snowden revelations. 13Acquisti et al. (2015) summarized various streams of theoretical and empirical issues on the economics of privacy. Beresford et al. (2012) and Preibusch (2013) measured the value of privacy using a field experiment approach. The recent studies on the value of privacy include Savage and Waldman (2013), Bonneau and Preibusch (2010), and Acquisti et al. (2006) 4 relevant study on the value of privacy is Marthews and Tucker (2014). The authors estimate how the Snowden revelations changed users' search behavior using Google search terms. They find a significant short-term reduction in the number of sensitive Google search terms such as various illicit drugs. Although the evidence suggests that privacy concerns affect behavior, it does not address the impact on the economic agents' purchasing decisions. Our paper fills the gap by providing the empirical evidence of economic impact in both consumers' cloud adoption decision and firms' strategic decision changes. There are a few recent studies about the magnitude of the economic impact of the Snowden revelations on the US cloud computing industry. Castro (2013) argues that the US cloud computing industry will lose $21.5 to $35 billion over the period 2014 to 2016. In contrast, Ferrara et al. (2015) argues a negligible effect of the Snowden revelations using Forrester's Business Technographics Global Infrastructure Survey, 2014. Unfortunately, both lacks any sophisticated research design. Castro (2013) calculated the magnitude based on ad hoc hypothesis and Ferrara et al. (2015) used subjective survey data. To the best of our knowledge, our paper is the first to provide economic research design to measure the impact of the Snowden revelations.
Load more

Recommended publications
  • D1.5 Final Business Models
    ITEA 2 Project 10014 EASI-CLOUDS - Extended Architecture and Service Infrastructure for Cloud-Aware Software Deliverable D1.5 – Final Business Models for EASI-CLOUDS Task 1.3: Business model(s) for the EASI-CLOUDS eco-system Editor: Atos, Gearshift Security public Version 1.0 Melanie Jekal, Alexander Krebs, Markku Authors Nurmela, Juhana Peltonen, Florian Röhr, Jan-Frédéric Plogmeier, Jörn Altmann, (alphabetically) Maurice Gagnaire, Mario Lopez-Ramos Pages 95 Deliverable 1.5 – Final Business Models for EASI-CLOUDS v1.0 Abstract The purpose of the business working group within the EASI-CLOUDS project is to investigate the commercial potential of the EASI-CLOUDS platform, and the brokerage and federation- based business models that it would help to enable. Our described approach is both ‘top down’ and ‘bottom up’; we begin by summarizing existing studies on the cloud market, and review how the EASI-CLOUDS project partners are positioned on the cloud value chain. We review emerging trends, concepts, business models and value drivers in the cloud market, and present results from a survey targeted at top cloud bloggers and cloud professionals. We then review how the EASI-CLOUDS infrastructure components create value both directly and by facilitating brokerage and federation. We then examine how cloud market opportunities can be grasped through different business models. Specifically, we examine value creation and value capture in different generic business models that may benefit from the EASI-CLOUDS infrastructure. We conclude by providing recommendations on how the different EASI-CLOUDS demonstrators may be commercialized through different business models. © EASI-CLOUDS Consortium. 2 Deliverable 1.5 – Final Business Models for EASI-CLOUDS v1.0 Table of contents Table of contents ...........................................................................................................................
    [Show full text]
  • Data Localization Requirements Across Different Jurisdictions 70
    The Localisation Gambit Unpacking Policy Measures for Sovereign Control of Data in India 19th March, 2019 By ​Arindrajit Basu, Elonnai Hickok, and Aditya Singh Chawla Edited by ​Pranav M Bidare, Vipul Kharbanda, and Amber Sinha Research Assistance ​Anjanaa Aravindan The Centre for Internet and Society, India Acknowledgements 2 Executive Summary 3 Introduction 9 Methodology 10 Defining and Conceptualizing Sovereign Control of Data 11 Mapping of Current Policy Measures for Localization of Data in India 13 The Draft Personal Data Protection Bill, 2018 13 Draft E-commerce Policy (s) 17 RBI Notification on ‘Storage of Payment System Data’ 19 Draft E-Pharmacy Regulations 20 FDI Policy 2017 20 National Telecom M2M Roadmap 21 Unified Access License for Telecom 21 Companies Act, 2013 and Rules 21 The IRDAI (Outsourcing of Activities by Indian Insurers) Regulations, 2017 22 Guidelines on Contractual Terms Related to Cloud Services 22 Reflecting on Objectives, Challenges and Implications of National Control of Data 24 Enabling Innovation and Economic Growth 24 Enhancing National Security and Law Enforcement Access 34 Law Enforcement Access 34 Protecting Against Foreign Surveillance 36 Threat to fibre-optic cables 37 Widening Tax Base 40 Data Sovereignty and India’s Trade Commitments 41 A Survey of Stakeholder Responses 48 Data Localisation Around the World 49 Conclusions and Recommended Approaches 61 Annexure I 70 Mapping Data Localization Requirements Across Different Jurisdictions 70 Annexure 2 75 A survey of stakeholder responses 75 1 Acknowledgements The authors would like to thank Pranav MB, Vipul Kharbanda, Amber Sinha, and Saumyaa Naidu for their invaluable edits and comments on the draft.
    [Show full text]
  • High Technology, Consumer Privacy, and U.S. National Security
    Georgetown University Law Center Scholarship @ GEORGETOWN LAW 2015 High Technology, Consumer Privacy, and U.S. National Security Laura K. Donohue Georgetown University Law Center, [email protected] This paper can be downloaded free of charge from: https://scholarship.law.georgetown.edu/facpub/1457 http://ssrn.com/abstract=2563573 Bus. L. Rev. (forthcoming) This open-access article is brought to you by the Georgetown Law Library. Posted with permission of the author. Follow this and additional works at: https://scholarship.law.georgetown.edu/facpub Part of the Constitutional Law Commons, Consumer Protection Law Commons, Fourth Amendment Commons, and the National Security Law Commons HIGH TECHNOLOGY, CONSUMER PRIVACY, AND U.S. NATIONAL SECURITY Laura K. Donohue* I. INTRODUCTION Documents released over the past year detailing the National Security Agency’s (“NSA”) telephony metadata collection program and interception of international content under the Foreign Intelligence Surveillance Act (FISA) implicated U.S. high technology companies in government surveillance. 1 The result was an immediate, and detrimental, impact on U.S. corporations, the economy, and U.S. national security. The first Snowden documents, printed on June 5, 2013, revealed that the government had served orders on Verizon, directing the company to turn over telephony metadata under Section 215 of the USA PATRIOT Act.2 The following day, The Guardian published classified slides detailing how the NSA had intercepted international content under Section 702 of the FISA Amendments Act.3 The type of information obtained ranged from E-mail, video and voice chat, videos, photos, and stored data, to Voice over Internet Protocol, file transfers, video conferencing, notifications of target activity, and online social networking.4 The companies involved read like a who’s who of U.S.
    [Show full text]
  • GDPR, CCPA, & Beyond
    GDPR, CCPA, & Beyond: 16 PRACTICAL STEPS TOWARDS GLOBAL DATA PRIVACY COMPLIANCE WITH TALEND By Sunil Soares and Jean-Michel Franco 2019 Edition Contents Introduction . 66 Understanding the fair information practice principles . 66. An overview of data protection & sovereignty legislation . .66 . EMEA Asia Pacific Americas A practical approach towards global compliance . 66 . 1 . Develop data governance policies, standards & controls 2 . Create data taxonomy 3 . Confirm data owners 4 . Identify critical datasets & critical data elements 5 . Establish data collection standards 6 . Define acceptable use standards 7 . Implement data security 8 . Conduct data protection impact assessments 9 . Conduct vendor risk assessments 10 . Improve data quality 11 . Stitch data lineage 12 . Govern analytical models 13 . Manage end user computing 14 . Govern the lifecycle of information 15 . Set up data sharing agreements 16 . Enforce compliance with controls Summary . 66 About information asset & Talend . 66. About the authors . .66 . 2 Gdpr, Ccpa, & Beyond: 16 Practical Steps Towards Global Data Privacy Compliance with Talend Introduction Data privacy and protection are increasingly capturing the attention of business leaders, citizens, law enforcement agencies and governments . Data regulations, whose reach used to be limited to heavily regulated industries such as banking, insurance, healthcare or life sciences are now burgeoning across countries and apply to any business no matter its size or industry, highlighting the importance of a concept called data sovereignty . Data sovereignty refers to legislation that covers information that is subject to the laws of the country in which the information is located or stored . It impacts the protection of data and is affected by governmental regulations for data privacy, data storage, data processing, and data transfers across country boundaries .
    [Show full text]
  • Online Anonymity Islamic State and Surveillance
    online anonymity islamic state and surveillance Jamie Bartlett Alex Krasodomski-Jones March 2015 Open Access. Some rights reserved. As the publisher of this work, Demos wants to encourage the circulation of our work as widely as possible while retaining the copyright. We therefore have an open access policy which enables anyone to access our content online without charge. Anyone can download, save, perform or distribute this work in any format, including translation, without written permission. This is subject to the terms of the Demos licence found at the back of this publication. Its main conditions are: . Demos and the author(s) are credited . This summary and the address www.demos.co.uk are displayed . The text is not altered and is used in full . The work is not resold . A copy of the work or link to its use online is sent to Demos. You are welcome to ask for permission to use this work for purposes other than those covered by the licence. Demos gratefully acknowledges the work of Creative Commons in inspiring our approach to copyright. To find out more go to www.creativecommons.org Partners Credits Commissioned by? Published by Demos March 2015 © Demos. Some rights reserved. Third Floor Magdalen House 136 Tooley Street London SE1 2TU [email protected] www.demos.co.uk 2 INTRODUCTION This is a very short discussion paper about the way in which terrorist groups, and specifically Islamic State, use modern encryption systems to evade surveillance. It examines how the risks of online anonymity are weighed against its many social, personal and economic benefits.
    [Show full text]
  • National Insecurity: the Impacts of Illegal Disclosures of Classified Information
    National Insecurity: The Impacts of Illegal Disclosures of Classified Information MARK D. YOUNG* There had never been anything like it. In today's terms, it was as if an NSA employee had publicly revealed the complete communications intelligence operations of the Agency for the past twelve years-all its techniques and major successes, its organizational structure and budget-and had, for good measure, included actual intercepts, decrypts, and translations of the communications not only of our adversaries but of our allies as well.' In the mid-summer of 2013, the British newspaper, The Guardian, published claims by a contractor for the National Security Agency (NSA), that millions of telephone records were being collected under an order from the Foreign Intelligence Surveillance Court. Throughout the summer and fall, additional disclosures about apparent surveillance operations seized headlines around the world. Accurately interpreting the meaning of the disclosures has been more complicated, but it is clear that there is great public interest in United States intelligence activities. *Mark D. Young is the Senior Vice President and Chief Strategy Officer of National Security Partners, LLC. Previously he served as the Executive Director for the Directorate of Plans and Policy at United States Cyber Command, the Special Counsel for Defense Intelligence for the House Permanent Select Committee on Intelligence, and as a senior leader at the National Security Agency. The views expressed in this article are those of the author and do not reflect the official policy or position of the U.S. government. This article is derived entirely from open source material and contains no classified information.
    [Show full text]
  • Cybersecurity, Sovereignty and U.S. Foreign Policy
    CYBERSECURITY , SOVEREIGNTY AND U.S. F OREIGN POLICY 21st Century Leaders Council 2014 CYBERSECURITY ROUNDTABLE (with NCAFP Policy Recommendations) NEW YORK CITY Tuesday, November 4, 2014 Our Mi ssion The National Committee on American Foreign Policy (NCAFP) was founded in 1974 by Professor Hans J. Morgenthau and others. It is a nonprofit activist think tank dedicated to the resolution of conflicts that threaten U.S. interests. Toward that end, the NCAFP identifies, articulates, and helps advance American foreign policy interests from a nonpartisan perspective within the framework of political realism. American foreign policy interests include: • preserving and strengthening national security; • supporting countries committed to the values and the practice of political, religious, and cultural pluralism; • improving U.S. relations with the developed and developing worlds; • advancing human rights; • encouraging realistic arms control agreements; • curbing the proliferation of nuclear and other unconventional weapons; • promoting an open and global economy. An important part of the activity of the NCAFP is Track I½ and Track II diplomacy. Such closed-door and off-the-record endeavors provide unique opportunities for senior U.S. and foreign officials, think tank experts, and scholars to engage in discussions designed to defuse conflict, build confidence, and resolve problems. Believing that an informed public is vital to a democratic society, the National Committee offers educational programs that address security challenges facing the United States and publishes a variety of publications, including its bimonthly journal, American Foreign Policy Interests, that present keen analyses of all aspects of American foreign policy. CONTENTS Introduction . .1 Summary of Discussions . .3 Panel 1: Connected Choices: The Internet and Sovereign Decision Making.
    [Show full text]
  • NSA) Surveillance Programmes (PRISM) and Foreign Intelligence Surveillance Act (FISA) Activities and Their Impact on EU Citizens' Fundamental Rights
    DIRECTORATE GENERAL FOR INTERNAL POLICIES POLICY DEPARTMENT C: CITIZENS' RIGHTS AND CONSTITUTIONAL AFFAIRS The US National Security Agency (NSA) surveillance programmes (PRISM) and Foreign Intelligence Surveillance Act (FISA) activities and their impact on EU citizens' fundamental rights NOTE Abstract In light of the recent PRISM-related revelations, this briefing note analyzes the impact of US surveillance programmes on European citizens’ rights. The note explores the scope of surveillance that can be carried out under the US FISA Amendment Act 2008, and related practices of the US authorities which have very strong implications for EU data sovereignty and the protection of European citizens’ rights. PE xxx.xxx EN AUTHOR(S) Mr Caspar BOWDEN (Independent Privacy Researcher) Introduction by Prof. Didier BIGO (King’s College London / Director of the Centre d’Etudes sur les Conflits, Liberté et Sécurité – CCLS, Paris, France). Copy-Editing: Dr. Amandine SCHERRER (Centre d’Etudes sur les Conflits, Liberté et Sécurité – CCLS, Paris, France) Bibliographical assistance : Wendy Grossman RESPONSIBLE ADMINISTRATOR Mr Alessandro DAVOLI Policy Department Citizens' Rights and Constitutional Affairs European Parliament B-1047 Brussels E-mail: [email protected] LINGUISTIC VERSIONS Original: EN ABOUT THE EDITOR To contact the Policy Department or to subscribe to its monthly newsletter please write to: [email protected] Manuscript completed in MMMMM 200X. Brussels, © European Parliament, 200X. This document is available on the Internet at: http://www.europarl.europa.eu/studies DISCLAIMER The opinions expressed in this document are the sole responsibility of the author and do not necessarily represent the official position of the European Parliament.
    [Show full text]
  • Data Localization and the Role of Infrastructure for Surveillance, Privacy, and Security
    International Journal of Communication 10(2016), 2221–2237 1932–8036/20160005 Data Localization and the Role of Infrastructure for Surveillance, Privacy, and Security TATEVIK SARGSYAN American University, USA Due to the increased awareness of the politics embedded in Internet technologies, there has been a growing tendency for state and nonstate actors around the world to leverage Internet infrastructure configurations to attain various political and economic objectives. Governments push for infrastructure modifications in pursuit of economic development, data privacy and security, and law enforcement and surveillance effectiveness. Information intermediaries set and enact their infrastructure to maximize revenue by enabling data collection and analytics, but have the capacity to implement tools for protecting privacy and limiting government surveillance. Relying on a conceptual framework of the politics of infrastructure, this article explores tensions and competing interests that emerge around intermediaries’ technical and policy infrastructure through analysis of (a) data localization strategies in a number of countries and (b) privacy and security undertakings by information intermediaries. Keywords: privacy, security, Internet infrastructure, surveillance, data localization The Politics of Infrastructure Governments across the world have come to recognize the importance of information intermediaries’ infrastructure for national security, public safety, and other political interests. Law enforcement and intelligence agencies are tasked with addressing various challenges, including the growth of terrorism, cyberattacks, cybercrime, fraud, and—in some regimes—political opposition and social movements. To pursue these goals, government agencies often need to access communications data that are beyond their immediate control, facilitated by a handful of information intermediaries. These companies mediate content by providing online services and communication platforms to global users.
    [Show full text]
  • P27 Layout 1
    WEDNESDAY, JANUARY 22, 2014 technology Carphone Warehouse sales get 4G boost LONDON: Carphone Warehouse, and Vodafone started services in within the market,” he said, noting that of growth of 2 percent and second quar- ance for headline earnings per share of Europe’s biggest independent mobile August last year. growing penetration of 4G was also driv- ter like-for-like growth of 3.6 percent. 17-20 pence, up from 12.3 pence in the phone retailer, beat consensus forecasts Take-up of 4G is being driven by rock- ing a rise in incremental average revenue CPW UK like-for-like revenue rose 5 2012-13 year. It also reiterated guidance for third-quarter revenue growth at its eting demand for mobile data. “There is a per user (ARPU). percent during the quarter, building on for pro-forma headline earnings before main CPW Group business, helped by real willingness for customers to move to Shares in Carphone, up over a quarter growth of 16 percent in the same period interest and tax (EBIT) of 140-160 million growing sales of 4G superfast mobile 4G and a willingness for them to under- in the last year, rose 1.4 percent after the last year. The firm said its Virgin Mobile pounds ($230-263 million) for CPW broadband products. stand that data usage is going to go up in firm said sales at CPW Group stores open France joint venture maintained its post- Group. Mobile operator EE, a joint venture the future,” Carphone Chief Executive over a year rose 3.1 percent in the three pay customer base at 1.33 million, Carphone shares were up 3 pence at between Frances’ Orange and Deutsche Andrew Harrison told Reuters yesterday.
    [Show full text]
  • European Digital Infrastructure and Data Sovereignty a Policy Perspective
    EUROPEAN DIGITAL INFRASTRUCTURE AND DATA SOVEREIGNTY A POLICY PERSPECTIVE FULL REPORT EUROPEAN DIGITAL INFRASTRUCTURE AND DATA SOVEREIGNTY - A POLICY PERSPECTIVE CONTENTS ACKNOWLEDGEMENTS 3 4 TECHNICAL ANNEXES 36 INTRODUCTION 4 4.1 USERS: STATISTICS, ATTITUDES, BEHAVIOURS… 36 4.2 DATA PROTECTION AND CYBERSECURITY… 40 4.2.1 Europe 40 1 OBJECTIVE, SCOPE AND KEY CONCEPTS 8 4.2.2 USA 42 4.2.3 Asia 44 1.1 OBJECTIVE AND SCOPE 8 4.2.4 Identity Management 46 1.2 MAKERS, SHAPERS, AND USERS 9 4.3 PLATFORMS AND DATA FLOW IMBALANCES 46 1.3 THREE IDEAL-TYPICAL MODELS OF REGULATION 12 4.4 CYBER SECURITY 49 2 PERSPECTIVES AND TRENDS 13 NOTES AND REFERENCES 57 2.1 DIGITAL INFRASTRUCTURES 13 2.1.1 5G 13 2.1.2 IoT 14 2.1.3 Clouds 14 LIST OF FIGURES 2.1.4 Platforms 15 FIGURE 1: THE REGULATORS/INNOVATORS DILEMMA 9 2.1.5 Artificial Intelligence 16 FIGURE 2: DIGITIZATION AS KEY CONNECTING INFRASTRUCTURE 10 2.1.6 Cybersecurity 18 FIGURE 3: DIGITAL ECOSYSTEM MAIN STAKEHOLDERS 10 FIGURE 4: 5G USAGE SCENARIOS 13 2.2 DATA PROTECTION 20 FIGURE 5: AI SURVEILLANCE - COUNTRY ADOPTION AND LEADING SUPPLIERS 16 2.2.1 Introductory overview and key concepts… 20 FIGURE 6: AI SURVEILLANCE TECHNOLOGY ORIGIN 17 2.2.2 Data governance and decentralisation 20 FIGURE 7: DATA PROTECTION AND PRIVACY LEGISLATION WORLDWIDE 21 2.2.3 Data ownership and access control 20 FIGURE 8: THE REGULATION EQUALISER 30 2.2.4 Identity management 21 FIGURE 9: PROPOSED SCENARIOS 30 2.2.5 Data processing 22 FIGURE 10: RADAR ASSESSMENT OF SCENARIOS IMPACTS 33 2.2.6 Final consideration on GDPR and beyond
    [Show full text]
  • Maintaining Corporate Privacy in the Digital Age
    Maintaining Corporate Privacy in the Digital Age Securing sensitive data while in motion and at rest Introduction Organizations large and small are investing in digital transformation programs, cloud migration projects, and enterprise mobility initiatives to grow their businesses and increase operating efficiency. However, Ovum is concerned that corporate information security management policies do not appear to be adapting quickly enough to cope with the tumultuous rate of change imposed by the rapidly evolving business and technological landscape. Although encryption has been around for many years, it has come to the fore recently as a means of making it more difficult to gain unauthorized access to sensitive or confidential information, especially within the context of mobile devices. Ovum expects the adoption of encryption technologies to grow rapidly in the near term due to the fact that conventional approaches to information security are failing to stem the flow of data leakage incidents and privacy breaches. Eventually, all data will be encrypted at rest and/or in motion. However, for a variety of technical, practical, and legislative reasons, organizations must be diligent and meticulous in their use of this technology, with the customer and employee experience being of paramount importance. Companies can prioritize the encryption of corporate data by carrying out a data classification exercise across their business processes and IT infrastructure. However, data classification is a resource-intensive and generally costly process. Not only is it time- and resource-consuming to implement a manual classification in the first place, but it also requires employees to be aware of changing classification policies going forward, and to potentially apply them to information and data items that they have already created and distributed.
    [Show full text]