How do existing laws and regulations in the area of privacy affect the implementation of Cloud Computing technologies and how does the implementation of Cloud Computing technologies affect compliance with these laws and regulations?
In answering this question only relevant laws and regulations from the United States and the European Union are considered. The laws and regulations addressed in the research are limited to the following:
� Directive 95/46/EC of the European Parliament and of the Council of 24 October 1995 (The Data Protection Directive)
� Directive 2002/58/EC of the European Parliament and of the Council of 12 July 2002 (The E-Privacy Directive)
� The FTC Fair Information Practices
� The Fair Credit Reporting Act
� The privacy aspects of the Gramm-Leach-Bliley Act
� The privacy aspects of the Payment Card Industry � Data Security Standards
� The privacy aspects of the PATRIOT Act
Answering the research question is done using desk- and empirical research. The desk research consists of analyzing existing literature on Cloud Computing. The literature reviewed includes books, scientific papers, articles from researcher groups and whitepapers from Cloud Computing vendors.
The desk research is used to develop hypotheses on the impact of laws and regulations on Cloud Computing and the impact of Cloud Computing on compliance with these regulations.
The empirical research consists of interviews. The interviewees are all involved in Cloud Computing projects.
With the use of the processed interview results, the previously developed hypotheses are tested.
The outcome of the research is, along with this thesis, a model with guidelines on how Cloud Computing should be implemented with respect to the privacy laws and regulations mentioned.