We continue to separate fact from fiction in the context of cloud computing in our Cloud Myths Series.  In case you missed our first myth, you can see it here.

Myth 2: Cloud Computing involves More Data Sharing and that is Inherently Bad for Privacy.

Fact is that transferring data to data processing agents (who process data only on behalf, and in the interest, of the customer) is very different from transferring data to data controllers (who use data in their own interest and possibly impair the data subject’s privacy). In fact, transferring data to processing agents is so different from transferring to data controllers that German data protection laws define ‘transfer of personal data’ specifically to exclude sharing with data processing agents.

Data sharing with data processing agents is not inherently bad or good for privacy – it is neutral. Companies always need people and data sharing. Companies are a legal fiction. When companies use and process personal data, they have to act through human people, and such human people can be statutory employees, individual independent contractors or employees or contractors of corporate contractors. In either one of these scenarios, it is important that the individual person who processes the data acts on behalf, and in the interest, of the data controller. And it is important that the data controller in turn complies with applicable data protection laws. It is less relevant for privacy compliance purposes how the data controller company engages and compensates the person who conducts the processing – as employee or independent contractor. It is important that the person follows the law and applicable instructions.

For most companies, the switch from internally maintained data bases to external cloud-based solutions does not result in more sharing or transmission to additional geographies. Most data these days is transferred across geographical borders because it is needed in various locations. Traditionally, data has been shared over the Internet, via a myriad of devices, connections and persons with access. Switching from paper files, spreadsheets and emailing across legacy systems with varying degrees of data protection to a centralized cloud computing solution with access controls will not add to the prevalence of data sharing. Usually, it just means more orderly, organized and secure sharing.