open access

Abstract

The EC adopted a strategy to unleash the potential of cloud computing, where it marked data protection legislation as one of the main barriers for the development and expansion of cloud computing in Europe. In light of the EC goal to ensure a stimulating environment for the development of cloud computing in the EU, this paper aims to assess the consequences of the new roles and responsibilities of cloud service providers and the new rights for individuals under the GDPR. The analyses show that, in line with the position of data protection in the EU as a fundamental right, the GDPR considerably raises standards of data protection in cloud computing, which faces EU cloud service providers with a more demanding position than their non-EU competition. Further analysis shows that by promoting privacy enabling technology and by the extraterritorial application of the GDPR, together with the hefty fines for non-compliance, the GDPR provides tools that might force non-EU service providers to adjust their business model to EU standards, thus rebalancing possible market disruption in cloud computing. The paper concludes that the GDPR provides tools that might result in raised standards of data protection globally and in cloud computing in particular.