A Brokering Framework for Assessing Legal Risks in Big Data and the Cloud

New Technology, Big Data and the Law

Part of the book series: Perspectives in Law, Business and Innovation (PLBI)

Abstract

“Cloud computing” and “Big Data” are amongst the most hyped-up terms and buzzwords of the moment. After decades in which individuals and companies used to host their data and applications using their own IT infrastructure, the world has seen the stunning transformation of the Internet. Major shifts occurred when these infrastructures began to be outsourced to public Cloud providers to match commercial expectations. Storing, sharing and transferring data and databases over the Internet is convenient, yet legal risks cannot be eliminated. Legal risk is a fast-growing area of research and covers various aspects of law. Current studies and research on Cloud computing legal risk assessment have been, however, limited in scope and focused mainly on security and privacy aspects. There is little systematic research on the risks, threats and impact of the legal issues inherent to database rights and “ownership” rights of data. Database rights seem to be outdated and there is a significant gap in the scientific literature when it comes to the understanding of how to apply their provisions in the Big Data era. This means that we need a whole new framework for understanding, protecting and sharing data in the Cloud. The scheme we propose in this chapter is based on a risk assessment-brokering framework that works side by side with Service Level Agreements (SLAs). This proposed framework will provide better control for Cloud users and will go a long way towards increasing confidence and reinforcing trust in Cloud computing transactions.

Notes

  1. Gutwirth and Hildebrandt (2010), p. 33.

  2. For details, see Ciborra (2005).

  3. Ciborra (2007), p. 27.

  4. For details about artificial intelligence (AI) and expert systems see, e.g., Jackson (1998).

  5. Ciborra (2007), p. 27.

  6. For details about the evolution of Grid infrastructure technologies see, e.g., Jones and Bird (2013), pp. 160 et seq.

  7. Kasemsap and Sunandha (2015), p. 33.

  8. Teng and Magoules (2010), p. 126.

  9. Shantz (2005), p. 511.

  10. Ciborra (2009), p. 78.

  11. Drissi et al. (2013), p. 143.

  12. See, e.g., Gourlay et al. (2008), pp. 437–443.

  13. See Andrieux et al. (2007); see also Gourlay et al. (2008), p. 438. More specifically, for negotiating and creating SLAs, we use the WSAG4J framework developed at Fraunhofer Institute SCAI. The WSAG4J is basically a tool that helps to create and manage SLAs in distributed systems and has been fully implemented as part of the Open Grid Forum (OGF) WS-Agreement standard. For details, see https://packcs-e0.scai.fraunhofer.de/wsag4j/. Accessed 10 October 2016.

  14. Optimized Infrastructure Services (OPTIMIS) was an EU-funded project within the 7th Framework Program under contract ICT-257115. The project developed an open source toolkit designed to help Cloud service providers to build and run applications in the Cloud. New features that include the clarification of database rights and “ownership” rights of data have been implemented. The toolkit has been integrated into the OpenNebula Ecosystem and the Infrastructure as a Service Cloud computing project OpenStack.

  15. The Advanced Risk Assessment and Management for Trustable Grids project (AssessGrid) was funded by the EU Commission under the FP6 IST framework (contract no. 031772).

  16. Padgett et al. (2009).

  17. Djemame et al. (2011b), p. 1558.

  18. See, e.g., Kirkham et al. (2012), p. 1063.

  19. See Mahmood (ed) (2014).

  20. Non-functional requirements present a systematic approach that provides quality to the software system. They define the criteria used in the system operation, which is specified in the system architecture. For a comprehensive explanation of non-functional requirements see, e.g., Chung et al. (2000); Chung and Sampaio Do Prado Leite (2009).

  21. Li and Singh (2014), p. 670.

  22. “Clouds are a large pool of easily usable and accessible virtualized resources (such as hardware, development platforms and/or services). These resources can be dynamically reconfigured to adjust to a variable load (scale), allowing also for optimum resource utilization. This pool of resources is typically exploited by a pay-per-use model in which guarantees are offered by the Infrastructure Provider by means of customized SLAs.” See Vaquero et al. (2008), pp. 50–55. The above definition is very useful because it also introduces a “customized SLA,” which is explored in greater detail in this chapter.

  23. For this term see American Heritage Dictionary.

  24. Garner (2014), p. 1524.

  25. See, e.g., Gourlay et al. (2009), p. 36.

  26. Plain English ISO 31000:2009.

  27. Garner (ed) (2014), p. 1525.

  28. Sangrasi et al. (2012), pp. 445–452.

  29. See, e.g., Nwankwo (2014).

  30. ISO 31000:2009 risk management standard sets out the principles and guidelines on risk management that can be applied to any type of risk in any field of industry or sector.

  31. Cattedu and Hogben (eds) (2009).

  32. ISO 22307:2008 is a privacy impact assessment for financial services and banking management tools. It recognizes the importance of mitigating risks associated with consumer data utilizing automated and networked systems.

  33. See, e.g., generally, Corrales (2012), Wright and De Hert (eds) (2012).

  34. For details, see http://www.iso.org/iso/home/store/catalogue_tc/catalogue_detail.htm?csnumber=62289. Accessed 10 April 2016.

  35. See ISO/IEC 29101:2013 Information Technology—Security Techniques—Privacy Architecture Framework; see also Nwankwo (2014).

  36. ISO/IEC NP 19086-4 Information Technology—Cloud Computing—Service Level Agreement (SLA) Framework and Technology—Part 4 Security and Privacy.

  37. Dupré and Haeberlen (eds) (2012).

  38. Djemame et al. (2011a), p. 119.

  39. See, e.g., Kirkham et al. (2013), p. 7.

  40. Djemame et al. (2011a), p. 119.

  41. Djemame et al. (2011a), p. 119.

  42. Djemame et al. (2011a), p. 119.

  43. For details, see Ferrer et al. (2011), pp. 67–77.

  44. Djemame et al. (2011a), p. 119.

  45. Khan et al. (2012), p. 122.

  46. Djemame et al. (2012), p. 3.

  47. Khan et al. (2012), p. 122.

  48. Khan et al. (2012), p. 122.

  49. Khan et al. (2012), p. 122.

  50. Khan et al. (2012), p. 122.

  51. Khan et al. (2012), p. 122.

  52. See, e.g., Vraalsen et al. (2005), pp. 45–60.

  53. Khan et al. (2012), p. 123; Djemame et al. (2012), p. 12.

  54. See Susskind (1998), p. 290.

  55. Wahlgren (2007), p. 91; see also Wintgens and Thion (2007), Introduction.

  56. Burnett (2005), pp. 61–67.

  57. Rejas-Muslera et al. (2007), pp. 118–124.

  58. Bradshaw et al. (2010).

  59. XML is a markup language standard that aims to define a format that is both human and machine understandable. Humans can thus edit it on the basis of a template model, and the resulting instance can be processed by the corresponding software, following the relevant decision logic. For example, the template model dictates the available fields, the user selects the corresponding values, and the relevant software may then retrieve the XML-based provider descriptions and filter them based on the user’s requirements. The XML Description Schema is available at: http://www.optimis-project.eu/content/xml-description-schema-improvement. Accessed 10 October 2016. For details about the XML schema see previous chapter.

  60. Batré et al. (2007), p. 193.

  61. For details, see Draft White Paper on Legal Options for the Exchange of Data through the GEOSS Data-CORE. Group on Earth Observations.

  62. White Paper, Mechanisms to Share Data as Part of GEOSS Data-CORE, p. 3.

  63. White Paper, Mechanisms to Share Data as Part of GEOSS Data-CORE, p. 3.

  64. White Paper, Mechanisms to Share Data as Part of GEOSS Data-CORE, p. 3.

  65. White Paper, Mechanisms to Share Data as Part of GEOSS Data-CORE, p. 3.

  66. Summary White Paper, Legal Options for the Exchange of Data through the GEOSS Data-CORE, p. 2.

  67. Summary White Paper, Legal Options for the Exchange of Data through the GEOSS Data-CORE, p. 19.

  68. Sundara Rajan (2011), p. 286.

  69. For the extensive case law on this topic see, e.g., Fixtures Marketing Ltd. v Oy Veikkaus AB, CJEU—Case C-46/02, 9 November 2004 (Finland); Fixtures Marketing Ltd. v Organismos Prognostikon Agonon Podosfairou [the OPAP case], CJEU—Case C-444/02, 9 November 2004 (Greece); Fixtures Marketing Ltd. v Svenska Spel AB, CJEU—Case C-338/02, 9 November 2004 (Sweden); The British Horseracing Board Ltd and Others v William Hill Organization Ltd., [the BHB case], CJEU, Case C-203/02, 9 November 2004 (United Kingdom).

  70. See Kingston (2010), p. 112.

  71. Bently and Sherman (2009), pp. 310–311.

  72. DG Internal Market and Services Working Paper, First Evaluation of Directive 96/9/EC on the Legal Protection of Databases, p. 4.

  73. The concept of protecting databases with only copyright changed radically right after a series of cases rejecting copyright protection, such as the Van Dale v Romme ruling in the Netherlands, where Van Dale could not protect its dictionary against copying because it did not meet the threshold of originality, and the Feist Publications v Rural Telephone Service Co. [Feist case] judgment in the US, where the courts decided not to grant copyright protection to a phone directory on the same grounds. See Van Dale Lexicografie B.V. v Rudolf Jan Romme, Hoge Raad, Supreme Court of the Netherlands, 4 January 1991, NG 1991, 608 (The Netherlands); Feist Publications v Rural Telephone Service Co. 499 U.S. 340 (1991) (United States).

  74. Majkic (2014), Preface.

  75. Dean (2014), p. 10.

  76. Ridley (2015), p. 79.

  77. Ridley (2015), p. 79.

  78. See, e.g., generally, Sakr and Gaber (eds) (2014).

  79. Unstructured data is the subset of information. For example: text mining in the medical field. For details, see, e.g., Holzinger et al. (2013), p. 13.

  80. Semi-structured data such as XML. See, e.g., generally, Ishikawa (2015), Kitchin (2014).

  81. Krishnan (2013), p. 5.

  82. Vashist (2015), p. 1.

  83. Lohr (2015).

  84. See, e.g., generally, OECD Principles and Guidelines for Access to Research Data from Public Funding (2007).

  85. Davison (2003), p. 97.

  86. With the exception of Mexico, South Korea and Russia.

  87. See, e.g., Kousiouris et al. (2013), pp. 61–72. In this work, the authors refer mainly to data protection issues; however, the same principles and ideas underlying the geographic location and data transfers could apply to database rights.

  88. According to Anupam Chander, legal glocalization “would require the creation or distribution of products or services intended for a global market but customized to conform to local laws—within the bounds of international law.” See Chander (2013), pp. 11, 16, 137, 143, 144, 145 and 169.

  89. See Wu et al. (2013), pp. 235–244.

  90. Or, for example, in Mexico, South Korea and Russia, as these countries also have database rights similar to the EU Database Directive.

  91. See, e.g., GEOSS-data Core project, p. 11.

  92. Djemame et al. (2011b), p. 1561.

  93. Djemame et al. (2011b), p. 1561.

  94. Djemame et al. (2011b), p. 1561.

  95. Djemame et al. (2011b), pp. 1559–1560.

  96. Fellows (2013); see also Gourlay et al. (2008), p. 438.

  97. Fellows (2013).

  98. Fellows et al. (2014), p. 2.

  99. Djemame et al. (2011b), pp. 1559–1560.

  100. Djemame et al. (2011b), p. 1561.

  101. Djemame et al. (2011a), p. 122.

  102. Djemame et al. (2012), pp. 9–10.

  103. Djemame et al. (2012), pp. 9–10.

  104. Djemame et al. (2012), pp. 9–10.

  105. Djemame et al. (2012), pp. 9–10.

  106. Djemame et al. (2012), pp. 9–10.

  107. Djemame et al. (2012), pp. 9–10.

  108. In computer science and software development, rule-based systems (also known as “expert-systems”) are used to store and analyze information in useful ways that tell you what to do in different situations. They are often used as the basis for AI programming and systems to find answers to various problems. See, e.g., generally, Grosan and Abraham (2011), pp. 149–185; Toosizadeh and Reza Farshchi (2011). Rule-based systems work as a set of “If-then” rules and facts to represent different actions to take. For details, see Cawsey. Rule-Based Systems. http://www.zemris.fer.hr/predmeti/krep/Rules.pdf. Accessed 10 Oct 2016.

  109. Plug-in, add-in or add-on extensions are all synonyms for software components.

  110. Djemame et al. (2011a), pp. 121–122.

  111. Kirkham et al. (2013), p. 1067.

  112. Djemame et al. (2011a), p. 125.

  113. See, e.g., ISO 31000:2009; ISO 27000 standards; ISO Guide 73:2009.

  114. For details of the ENISA Guidelines see Cattedu and Hogben (2009).

  115. Summer et al. (2004), p. 6.

  116. Djemame et al. (2011b), p. 1570.

  117. Lebber and Hermann (2013), p. 406.

  118. Djemame et al. (2016), p. 3.

  119. Taubenberger et al. (2011), p. 260.

  120. Sharif and Basri (2011), p. 222.

  121. See, e.g., Cayirci (2015), p. 163.

  122. Lund et al. (2011), p. 131.

  123. Luiijf (2016), p. 69.

  124. Großmann and Seehusen (2016), p. 23; Lund et al. (2011), p. 137.

  125. Beckers (2015), p. 457.

  126. Lund et al. (2011), pp. 121 et seq.; see also, e.g., The risk management of HAI: A Methodology for NHSs available at: http://www.gov.scot/Publications/2008/11/24160623/3. Accessed 10 January 2017.

  127. Use of colour coding, such as red, amber, yellow or green, could also facilitate the rapid communication and understanding of risks.

  128. Lund et al. (2011); The risk management of HAI: A Methodology for NHSs available at: http://www.gov.scot/Publications/2008/11/24160623/3. Accessed 10 January 2017.

  129. Article 29 Data Protection Working Party (2004), pp. 1–14.

  130. Gough and Nettleton (2010), p. 149.

  131. Kattan et al. (2011), p. 199.

  132. Williams (2013), p. 187; Bonewell (2006), p. 1178.

  133. For this term see, e.g., http://www.praxiom.com/iso-27001-definitions.htm. Accessed 10 October 2016.

  134. Khan et al. (2012), p. 124.

  135. Maurer et al. (2001), p. 789; Maurer (2008), pp. 13-4–13-80.

References

  • Advanced Risk Assessment and Management for Trustable Grids (AssessGrid). EU funded project within the FP6 IST Framework Program under contract no. 031772 http://cordis.europa.eu/project/rcn/79340_en.html

  • Andrieux A et al (2007) Web services agreement specification (WS-agreement). Global Forum

  • American Heritage Dictionary. https://www.ahdictionary.com/word/search.html?q=risk&submit.x=-872&submit.y=-210. Accessed 15 Oct 2016

  • Art. 29 Data Protection Working Party (2004) Working document on genetic data adopted on 17 March 2004. http://ec.europa.eu/justice/data-protection/article-29/documentation/opinion-recommendation/files/2004/wp91_en.pdf. Accessed 10 Oct 2016

  • Batré et al (2007) Gaining users’ trust by publishing failure probabilities. In: Security and privacy in communications networks and the workshops, 2007. SecureComm 2007. Proceedings of the third international conference on security and privacy in communication networks, Nice

  • Beckers K (2015) Pattern and security requirements: engineering-based establishment of security standards. Springer, Cham

  • Bently L, Sherman B (2009) Intellectual property law, 3rd edn. Oxford University Press, Oxford

  • Bonewell D (2006) Security and privacy for data warehouses: opportunity or threat? In: Tipton H, Krause M (eds) Information security management handbook, 5th edn. Auerbach Publications, Boca Ratón

  • Bradshaw S, Millard C, Walden I (2010) Contracts for clouds: comparison and analysis of the terms and conditions of cloud computing services. Queen Mary School of Law Legal Studies research paper no. 63/2010. http://papers.ssrn.com/sol3/papers.cfm?abstract_id=1662374. Accessed 10 Oct 2016

  • Burnett R (2005) Legal risk management for the IT industry. Comput Law Secur Rep 21(1):61–67

  • Cawsey A. Rule-based systems. http://www.zemris.fer.hr/predmeti/krep/Rules.pdf. Accessed 10 Oct 2016

  • Cattedu D, Hogben G (2009) Cloud computing: benefits, risks and recommendations for information security. ENISA (European Network and Information Security Agency). http://www.enisa.europa.eu/act/rm/files/deliverables/cloud-computing-risk-assessment/at_download/fullReport. Accessed 10 Oct 2016

  • Cayirci E (2015) Models for cloud risk assessment: a tutorial. In: Felici M, Fernández-Gago C (eds) Accountability and security in the cloud: first summer school, cloud accountability project, A4cloud, Malaga, Spain, June 2–6 2014, revised selected papers and lectures. Springer, Cham

  • Chander A (2013) The electronic silk road: how the web binds the world together in commerce. Yale University Press, New Haven

  • Chung L et al (2000) Non-functional requirements in software engineering. Springer, New York

  • Chung L, Sampaio Do Prado Leite J (2009) On non-functional requirements in software engineering. In: Borgida A et al (eds) Conceptual modeling: foundations and applications: essays in honor of John Mylopoulos (Lecture notes in computer science/Information systems and applications, incl. internet/web, and HCI, vol 5600). Springer, Berlin

  • Ciborra C (2005) Digital technologies and the duality of risk. Centre for Analysis of Risk and Regulation. London School of Economics and Political Science, London

  • Ciborra C (2007) Digital technologies and risk: a critical review. In: Hanseth O, Ciborra C (eds) Risk, complexity and ICT. Edward Elgar Publishing, Cheltenham

  • Ciborra C (2009) Imbrication of representations: risks and digital technologies. In: Avgerou C, Lanzara F, Willcocks L (eds) Bricolage, care and information systems: Claudio Ciborra’s legacy in information systems research. Palgrave MacMillan, New York

  • Corrales M (2012) Privacy risk impact assessment: a new requirement for safer clouds. Beck-Online, ZD-Aktuell, 03036

  • Davison M (2003) The legal protection of databases. Cambridge University Press, Cambridge

  • Dean J (2014) Big data, data mining and machine learning: value creation for business leaders and practitioners. Wiley, Hoboken

  • DG Internal Market and Services Working Paper, First Evaluation of Directive 96/9/EC on the Legal Protection of Databases. http://ec.europa.eu/internal_market/copyright/docs/databases/evaluation_report_en.pdf. Accessed 10 Oct 2016

  • Disselkamp L (2013) Workforce asset management book of knowledge: official guide for workforce asset management certification. Wiley, Hoboken

  • Djemame K et al (2011a) A risk assessment framework and software toolkit for cloud service ecosystems. In: The second international conference on cloud computing, GRIDs, and virtualization. http://www.optimis-project.eu/content/risk-assessment-framework-and-software-toolkit-cloud-service-ecosystems. Accessed 10 Oct 2016

  • Djemame K et al (2011b) Brokering of risk-aware service level agreements in grids. Concurr Comput Pract Exp 23:1558–1582

  • Djemame K et al (2012) Legal issues in the cloud: towards a risk inventory. Philos Trans R Soc A 371(1983):20120075

  • Djemame K et al (2016) A risk assessment framework for cloud computing. IEEE Trans Cloud Comput 4(3):265–278

  • Draft White Paper on Legal Options for the Exchange of Data through the GEOSS Data-CORE. Group on Earth Observations. https://www.earthobservations.org/documents/dsp/draft_white_paper_geoss_legal_interoperability_30_october_2011.pdf. Accessed 10 Oct 2016

  • Drissi S, Houmani H, Medromi H (2013) Survey: risk assessment for cloud computing. Int J Adv Comput Sci Appl 4(12):143–148

  • Dupré L, Haeberlen T (eds) (2012) Cloud computing: benefits, risks and recommendations for information security. ENISA European Network and Information Security Agency. https://resilience.enisa.europa.eu/cloud-security-and-resilience/publications/cloud-computing-benefits-risks-and-recommendations-for-information-security. Accessed 10 Oct 2016

  • Fellows W (2013) Cloud brokers: now seeking ready-to-pay customers, 451 research. https://451research.com/report-long?icid=2666. Accessed 10 Oct 2016

  • Fellows W, Ring, K, Rogers O (2014) Cloud brokers: making ITAAS a practical reality? https://451research.com/images/Marketing/DIS/451_CloudBrokers_2014_FINAL.pdf. Accessed 10 Oct 2016

  • Ferrer et al (2011) OPTIMIS: a holistic approach to cloud service provisioning. Future Gener Comput Syst 28:66–77

  • GEOSS-Data Core Project. https://www.earthobservations.org/documents/dswg/Annex%20VI%20-%20%20Mechanisms%20to%20share%20data%20as%20part%20of%20GEOSS%20Data_CORE.pdf. Accessed 10 Oct 2016

  • Garner B (ed) (2014) Black’s law dictionary, 10th edn. Thomson Reuters, St. Paul

  • Gough J, Nettleton D (2010) Managing the documentation maze: answers to questions you didn’t even know. Wiley, Hoboken

  • Gourlay I, Djemame K, Padgett J (2008) Reliability and risk in grid resource brokering. In: 2008 second IEEE international conference on digital ecosystems and technologies (IEEE DEST 2008)

  • Gourlay I, Djemame K, Padgett J (2009) Evaluating provider reliability in grid resource brokering. In: 11th IEEE international conference on high performance computing and communications

  • Grosan C, Abraham A (2011) Ruled-based expert systems. In: Grosan C, Abraham A (eds) Intelligent systems: a modern approach, intelligent systems reference library, vol 17. Springer, Berlin

  • Großmann J, Seehusen F (2016) Combining security risk assessment and security testing based on standards. In: Seehusen et al (eds) Risk assessment and risk-driven testing: third international workshop, RISK 2015, Berlin, Germany. Springer, Cham

  • Gutwirth S, Hildebrandt M (2010) Some caveats on profiling. In: Gutwirth S, Poullet Y, de Hert P (eds) Data protection in a profiled world. Springer, Dordrecht

  • Holzinger A et al (2013) Combining HCI, natural language processing, and knowledge discovery—potential of IBM content analytics as an assistive technology in the biomedical field. In: Holzinger A, Pasi G (eds) Human computer interaction and knowledge discovery in complex, unstructured, big data, third international workshop, HCI-KDD 2013, Maribor, Slovenia, July 2013, Proceedings. Springer, Heidelberg

  • Ishikawa H (2015) Social big data mining. CRC Press, Boca Ratón

  • ISO 22307:2008 Financial services—privacy impact assessment. http://www.iso.org/iso/catalogue_detail.htm?csnumber=40897. Accessed 10 Oct 2016

  • ISO 31000:2009 Risk management. https://www.iso.org/obp/ui/#iso:std:43170:en. Accessed 10 Oct 2016

  • ISO/IEC 29101:2013. Information technology—Security techniques—privacy architecture framework. http://www.iso.org/iso/home/store/catalogue_tc/catalogue_detail.htm?csnumber=45124&commid=45306. Accessed 10 Oct 2016

  • ISO/IEC DIS 29134 Information technology—Security techniques—privacy impact assessment—guidelines. http://www.iso.org/iso/home/store/catalogue_tc/catalogue_detail.htm?csnumber=62289. Accessed 10 Oct 2016

  • ISO/IEC NP 19086-4 Information technology—cloud computing—service level agreement (SLA) framework and technology—part 4: security and privacy. http://www.iso.org/iso/home/store/catalogue_tc/catalogue_detail.htm?csnumber=68242. Accessed 10 Oct 2016

  • Jackson P (1998) Introduction to expert systems, 3rd edn. Addison-Wesley, Harlow

  • Jones B, Bird I (2013) Data-intensive production grids. In: Critchlow T, Kleese van Dam K (eds) Data-intensive science. Chapman & Hall (CRC Press), Boca Ratón

  • Kasemsap K, Sunandha S (2015) The role of cloud computing adoption in global business. In: Chang V, Walter R, Wills G (eds) Delivery and adoption of cloud computing services in contemporary organizations. Information Science Reference (IGI Global), Hershey

  • Kattan I, Nunu A, Saleh K (2011) A stochastic model for improving information security in supply chain systems. In: Wang J (ed) Supply chain optimization, management and integration: emerging applications. Business Science Reference, Hershey

  • Khan A et al (2012) Security risks and their management in cloud computing. In: 2012 IEEE 4th international conference on cloud computing technology and science, IEEE Computer Society

  • Kingston W (2010) Beyond Intellectual Property: Matching Information Protection to Innovation. Edward Elgar Publishing, Cheltenham

  • Kirkham T et al (2012) Assuring data privacy in cloud transformations. In: 2012 IEEE 11th international conference on trust, security and privacy in computing and communications

  • Kirkham T et al (2013) Richer requirements for better clouds. In: 2013 IEEE International conference on cloud computing technology and science. IEEE Computer Society

  • Kitchin R (2014) The data revolution: big data, open data, data infrastructures & their consequences. Sage Publications, Los Angeles

  • Kousiouris G, Vafiadis G, Corrales M (2013) A cloud provider description schema for meeting legal requirements in cloud federation scenarios. In: Douligeris et al (eds) Collaborative, trusted and privacy-aware e/m-services, 12th IFIP WG 6.11 conference on e-business, e-services, and e-society, I3E 2013, Athens, Greece, 25–26 Apr 2013, Proceedings. Springer, Heidelberg

  • Krishnan K (2013) Data warehousing in the age of big data. Elsevier, Amsterdam

  • Lebber D, Hermann J (2013) Decision analysis methods for selecting consumer services with attribute value uncertainty. In: Lee ML et al (eds) Risk assessment and evaluation of predictions. Springer, New York

  • Legal risk management. http://www.jus.uio.no/ifp/english/about/organization/nrccl/research-areas/ongoing-research/legal-risk-management.html#ref1. Accessed 10 Oct 2016

  • Li T, Singh M (2014) Hybrid trust framework for loss of control in cloud management. In: Jeong H et al (eds) Advances in computer science and its applications: CSA 2013. Springer, Heidelberg

  • Lohr S (2015) Data-ism: the revolution transforming decision making, consumer behavior, and almost everything else. HarperCollins Publishers, New York

  • Luiijf E (2016) Threats in industrial control systems. In: Colbert E, Kott A (eds) Cyber-security of SCADA and other industrial control systems. Springer, Cham

  • Lund M, Solhaug B, Stolen K (2011) Model-driven risk analysis: the CORAS approach. Springer, Heidelberg

  • Mahmood Z (ed) (2014) Continued rise of the cloud: advances and trends in cloud computing. Springer, London

  • Majkic Z (2014) Big data integration theory: theory and methods of database mappings, programming languages, and semantics. Springer, Cham

  • Maurer S (2008) Across two worlds: database protection in the United States and Europe. In: Putnam J (ed) Intellectual property and innovation in the knowledge-based economy, conference proceedings, 23–24 May 2001, Toronto, Canada. University of Calgary Press, Calgary

  • Maurer S, Hugenholtz B, Onsrud H (2001) Europe’s database experiment. Science 294:789–790

  • Nwankwo S (2014) Developing a risk assessment methodology for data protection. IRI Blog. https://blog.iri.uni-hannover.de/index.php/2014/12/17/developing-a-risk-assessment-methodology-for-data-protection/. Accessed 10 Oct 2016

  • OECD principles and guidelines for access to research data from public funding, OECD 2007. http://www.oecd.org/sti/sci-tech/38500813.pdf. Accessed 10 Oct 2016

  • Optimized Infrastructure Services (OPTIMIS). EU funded project within the 7th Framework Program under contract ICT-257115. http://www.optimis-project.eu. Accessed 10 Oct 2016

  • Padgett J et al (2009) Risk-aware SLA brokering using WS-agreement. In: Awan I et al (eds) Conference proceedings: 23rd international conference on advanced information networking and applications, AINA 2009, IEEE Computer Society, proceedings. The Institute of Electrical and Electronics Engineers Inc., Danvers

  • Peng G, Dutta A, Choudhary A (2014) Exploring critical risks associated with enterprise cloud computing. In: Leung V, Chen M (eds) Cloud computing: 4th international conference, CloudComp 2013, Wuhan, China. Springer, Cham

  • Plain English ISO 31000:2009. Risk management dictionary. http://www.praxiom.com/iso-31000-terms.htm. Accessed 10 Oct 2016

  • Rejas-Muslera R, Cuadrado-Gallego J, Rodriguez D (2007) Defining a legal risk management strategy: process, legal risk and lifecycle. In: Abrahamsson P et al (eds) Software process improvement. Lecture notes in computer science, programming and software engineering, proceeding of the 14th European software process improvement conference, EuroSPI 2007, Potsdam, Germany, Sept 2007. Springer, Berlin

  • Ridley E (2015) Big Data and Risk Assessment. In: Kalyvas J, Overly M (eds) Big data: a business and legal guide. CRC Press, Boca Ratón

  • Sakr S, Gaber M (eds) (2014) Large scale and big data: processing and management. CRC Press, Boca Ratón

  • Sangrasi A, Djemame K, Johkio I (2012) Aggregating node level risk assessment in grids using an R-out-of-N model. In: Bhawani S et al (eds) (2012) Emerging trends and applications in information communication technologies: second international multi topic conference, IMTIC 2012, Jamshoro, Pakistan, March 2012, proceedings, communications in computer and information science, vol 281. Springer, Heidelberg

  • Shantz J (2005) Beyond risk and boredom: reflexions on Claudio Ciborra and sociology. Eur J Inf Syst 14:510–512

  • Sharif A, Basri S (2011) Software risk assessment: a review on small and medium software projects. In: Zain J et al (eds) Software engineering and computer systems, second international conference ICSECS 2011, Kuantan, Pahang, Malaysia, June 2011, proceedings part 2. Springer, Heidelberg

  • Summary White Paper, Legal options for the exchange of data through the GEOSS Data CORE. Data Sharing Task Force, Group on Earth Observations

  • Sumner J, Ross T, Ababouch L (2004) Application of risk assessment in the fish industry. FAO Fisheries technical paper no 442, part 1

  • Sundara Rajan M (2011) Moral rights: principles, practice and new technology. Oxford University Press, Oxford

  • Susskind R (1998) The future of law. Oxford University Press, Oxford

  • Taubenberger S et al (2011) Problem analysis of traditional IT-security risk assessment methods—an experience report from the insurance and auditing domain. In: Camenisch J et al (eds) Future challenges in security and privacy for academia and industry: 26th IFIP TC 11 international information security conference, SEC 2011, Lucerne, Switzerland, June 2011, proceedings. Springer, Heidelberg

  • Teng F, Magoules F (2010) Future of grids resources management. In: Magoules F (ed) Fundamentals of grid computing: theory, algorithms and technologies. Chapman and Hall/CRC Press, Boca Ratón

  • Toosizadeh S, Reza Farshchi S (2011) Ruled-based programming for building expert systems: how do you create an expert system? Lambert Academic Publishing, Saarbrücken

  • Vashist R (2015) Cloud computing infrastructure for massive data: a gigantic task ahead. In: Hassanien A et al (eds) Big data in complex systems: challenges and opportunities, studies in big data, vol 9. Springer, Cham

  • Vaquero L et al. (2008) A break in the clouds. ACM SIGCOMM Comput Commun Rev 39(1):50

  • Vraalsen F et al. (2005) Specifying legal risk scenarios using the CORAS threat modeling language: experiences and the way forward. In: Herrmann P, Issarny V, Shiu S (eds) Trust management, third international conference, iTrust 2005, Paris, France, 23–26 May 2005. Proceedings, vol 3477. Springer, Berlin

  • Wahlgren P (2007) Legislative Techniques. In: Wintgens L (ed) Legislation in context: essays in legisprudence, applied legal philosophy. Ashgate Pub Co., Hampshire

  • White Paper, Mechanisms to share data as part of GEOSS Data-CORE. https://www.earthobservations.org/documents/dswg/Annex%20VI%20-%20%20Mechanisms%20to%20share%20data%20as%20part%20of%20GEOSS%20Data_CORE.pdf. Accessed 10 Oct 2016

  • Williams P (2013) Information security governance: a risk assessment approach to health information systems protection. In: Hovenga E, Grain H (eds) Health information governance in a digital environment. IOS Press, Amsterdam

  • Wintgens L, Thion P (2007) Introduction. In: Wintgens L (ed) Legislation in context: essays in legisprudence, applied legal philosophy. Ashgate Pub Co., Hampshire

  • Wright D, De Hert P (eds) (2012) Privacy impact assessment, law, governance and technology series, vol 6. Springer, Dordrecht

  • Wu L et al (2013) Automated SLA negotiation framework for cloud computing. In: International symposium on cluster, cloud and grid computing (CCGrid), 2013 13th IEEE/ACM, May 13–16, Delft, The Netherlands. https://pdfs.semanticscholar.org/6660/3838e3d4e2bdec718bed6b94d8cd730aea26.pdf?_ga=1.212388371.624674434.1462343094. Accessed 10 Oct 2016

  • XML Description Schema. http://www.optimis-project.eu/content/xml-description-schema-improvement. Accessed 10 Oct 2016

Acknowledgements

This work has been partially supported by the EU within the 7th Framework Program under contract ICT-257115—Optimized Infrastructure Services (OPTIMIS), and, by the Japanese Ministry of Education, Culture, Sports, Science, and Technology (MEXT) through a research scholarship (Mombukagakusho) conducted at Kyushu University in Japan. The authors would like to thank Prof. Toshiyuki Kono, Prof. Shinto Teramoto and Rodrigo Afara for their valuable guidance.

Author information

Corresponding author

Correspondence to Marcelo Corrales.

Copyright information

© 2017 Springer Nature Singapore Pte Ltd.

About this chapter

Cite this chapter

Corrales, M., Djemame, K. (2017). A Brokering Framework for Assessing Legal Risks in Big Data and the Cloud. In: Corrales, M., Fenwick, M., Forgó, N. (eds) New Technology, Big Data and the Law. Perspectives in Law, Business and Innovation. Springer, Singapore. https://doi.org/10.1007/978-981-10-5038-1_8

  • DOI: https://doi.org/10.1007/978-981-10-5038-1_8

  • Published:

  • Publisher Name: Springer, Singapore

  • Print ISBN: 978-981-10-5037-4

  • Online ISBN: 978-981-10-5038-1

  • eBook Packages: Law and Criminology (R0)
