TERENA’s trusted cloud drive pilot seems to have come up with a good approach to privacy concerns involved in storing information in cloud services. The design splits the storage of the data itself from the metadata about it: metadata (in particular encryption keys) can be kept on a host in a trusted location; the contents of the files to be stored are then strongly encrypted and stored elsewhere, for example on a commercial cloud storage service. Since the contents are strongly encrypted, and the storage system doesn’t have access to the keys needed to decrypt them, the storage system shouldn’t be able to affect the confidentiality of the content (though it can obviously affect its availability). Clearly this doesn’t work if you actually need to process information in the cloud, but for pure storage it looks like a good idea.
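The split the pilot describes, as an added example that is not TERENA's code: the trusted host and the commercial storage provider are modelled as two Go maps (assumed stand-ins), each file is sealed under a fresh AES-256-GCM key, and only the ciphertext reaches the provider, which can therefore delete or corrupt a blob but cannot read or substitute one.

```go
package main

import (
	"crypto/aes"
	"crypto/cipher"
	"crypto/rand"
	"errors"
)
// KeyStore stands in for the trusted host (metadata only); BlobStore for the provider, which sees only ciphertext.
type fileMeta struct{ key, nonce []byte }
type KeyStore map[string]fileMeta
type BlobStore map[string][]byte
func gcmFor(key []byte) (cipher.AEAD, error) {
	block, err := aes.NewCipher(key) // a nil key (no metadata held) is rejected here
	if err != nil {
		return nil, err
	}
	return cipher.NewGCM(block)
}

// Store encrypts under a fresh AES-256-GCM key: key and nonce go to the trusted
// host, only the ciphertext goes to the provider.
func Store(ks KeyStore, bs BlobStore, name string, content []byte) error {
	buf := make([]byte, 32+12) // 256-bit key followed by 96-bit nonce
	if _, err := rand.Read(buf); err != nil {
		return err
	}
	aead, err := gcmFor(buf[:32])
	if err != nil {
		return err
	}
	// Binding the name as associated data stops the provider swapping blobs.
	bs[name] = aead.Seal(nil, buf[32:], content, []byte(name))
	ks[name] = fileMeta{key: buf[:32], nonce: buf[32:]}
	return nil
}

// Retrieve decrypts the provider's blob with the trusted host's key. A missing
// blob is an availability failure; a modified one fails GCM authentication.
func Retrieve(ks KeyStore, bs BlobStore, name string) ([]byte, error) {
	blob, ok := bs[name]
	if !ok {
		return nil, errors.New("blob missing from storage provider")
	}
	aead, err := gcmFor(ks[name].key)
	if err != nil {
		return nil, err
	}
	return aead.Open(nil, ks[name].nonce, blob, []byte(name))
}
```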
A paper by the Cloudlegal project seems to confirm that privacy law ought to recognise this protection, in particular by permitting the storage of the encrypted information outside the EEA. Unfortunately the current EU Data Protection Directive was passed in 1995, when geographical location seemed like a clear indication of privacy risk and other ways of mitigating that risk (such as encryption) were not envisaged. Different national regulators have since taken different views on the extent to which technology can be relied upon: in the UK the Information Commissioner allows data controllers to make their own assessments of the risk represented by exporting data from the EEA. He has also formally recognised encryption as a valuable security measure, so there seems a good chance that use of the TERENA model would be acceptable here. Unfortunately the wide range of views among different regulators and legislatures makes it very unclear whether that would also be true across the rest of Europe. This feels like yet another test case for the proposed Data Protection Regulation.