Data protection in cloud computing : a comparative study between the EU and USA regulations

Abstract

In recent years, cloud computing has evolved a lot, but at the same time, threats have increased because data is accessed over the Internet. As most data centers are outside the European Union (EU) and are located mainly in the United States of America (USA), the researcher thoroughly studied the data protection laws that apply in both geographic areas. The subject of this study is based on the collection of necessary information and comparison of how personal data is handled in the European Union (EU) and the United States of America (USA). In the EU, the study focused on the GDPR deepening the collection of information on the rights of data subjects, Basic Principles of Processing, Processing of Personal Data, Principle of Privacy for Data Protection, Organizational Requirements and then Legal Justification for Data Processing, while in the USA, by having a completely different approach that in the EU we addressed the CCPA and CDPA in-depth and WPA and NYPA superficially. First, the study focuses on the frm of collection, processing, transfer, violation, and prevention of access of unauthorized persons. Then, a direct comparison between the GDPR and the CCPA was made, addressing data subjects rights, who is protected, the information protected and regulated by the entities. After making the comparison between the GDPR and the CCPA, an interconnection was also made between the results of the previous comparison with cloud computing, with new responsibilities for CSPs as Processor, Customers or Supplier as Controller, Storage and Processing Policies, Data Subject Consent for Cloud Services, Security and Breach, Location, Transfer and Disposal of Data.