I was interested that the New York Times picked this up, but not surprised whe the first thing they mentioned was the recent Facebook news. Cloud computing adds a new layer of privacy concerns since your data can and will be stored across multiple providers. Let’s break down a scenario you all will understand and how it could affect you.
You sign up for NewSocialNetwork. You are enjoying the site and it is growing at a nice rate, adding hundreds if not thousands of users daily. Eventually they start to feel the growing pains and look for some cloud hosting of data. Such as S3 from Amazon. Here is where the trouble begins to surface.
Your original privacy agreement is with NewSocialNetwork, not S3. Another agreement is reached independently between NewSocialNetwork and S3, not you and S3. While in most instances these agreements are rahter benign, not all of them will be.
In the United States, information held by a company on your behalf — be it a bank, an e-mail provider or a social network — is often not protected as much as information a person keeps at home or a business stores in computers it owns. Sometimes that means that a government investigator, or even a lawyer in a civil lawsuit, can get access to records by simply using a subpoena rather than a search warrant, which requires more scrutiny by a court.
What the above means is that information, pictures, ideas and history of chats, email and browsing may be more freely available. I am not saying I totally agree with this theory from the World Privacy Forum report.
Many of the social network sites reserve the right to change their Privacy documentation at will, with notice to you, the user. However, this mostly happens as they make the change, not as they are about to. What transpires is that you are already caught in new Privacy controls you did not originally agree to and had no notice amendments were coming. You may lose or gain rights as these are modified.
While cloud services are looked upon as simply a data storage and distribution model for scalability, the key is that it includes our data storage. Let us say that I remove my account from NewSocialNetwork following their Privacy rules. Their rules state that they will delete all references to my account. But what about the data and copies stored at the cloud location. Are those removed by the cloud provider because of the NewSocialNetwork privacy terms? Highly unlikely.
What I do know is that NewSocialNetwork (and all the ones we use today) need to amend their Privacy documentation available to us to address not only data we store with them directly on their servers, but through them once they start utilizing cloud services.