Americans’ interest in privacy—as evidenced by increasing news coverage, online searches, and new legislation—has grown over the past decade. After the European Union enacted the General Data Protection Regulation (GDPR), technologists and legal professionals have focused on primary collectors of data—known under various legal regimes as the “controller” or “custodian.” Thanks to advances in computing, many of these data collectors offload the processing of data to third parties providing data-related cloud services like Amazon, Microsoft, and Google. In addition to the data they have already collected about the data subjects themselves, these companies now “hold” that data on behalf of other companies and are known under the GDPR infrastructure as “processors.” In this context of technology giants processing data for other companies, the current focus on privacy rules for primary data collectors seems almost misplaced. What are these companies required to do? Instead of focusing on the data collectors, the community should ask how transparent the data holders are in their demonstration of compliance. This Article seeks to explore that question through a comparative analysis of the publicly available privacy compliance documentation. Further, it will analyze the companies that Gartner’s May 2018 “Cloud Quadrant” identifies as the leaders in the data processing environment: Amazon Web Services (AWS), Microsoft Azure, and Google Cloud.
Blair Witzel and Carrie Mount, Footprints: Privacy for Enterprises, Processors, and Custodians…Oh My!, 42 SEATTLE U. L. REV. 1175 (2019).
Civil Law Commons, Commercial Law Commons, Computer Law Commons, European Law Commons, International Law Commons, Internet Law Commons, Marketing Law Commons, Other Law Commons, Privacy Law Commons, Public Law and Legal Theory Commons, Science and Technology Law Commons, Torts Commons, Transnational Law Commons