Evaluation of Data Privacy Risks in Cross-Border Cloud Storage Systems and Legal Implications Under International Cyber Law

Katharine Kemp

Authors

Katharine Kemp Cybersecurity & Privacy Lawyer, Australia Author

Keywords:

Cross-border data, Cloud storage, Data privacy, International cyber law, GDPR, CLOUD Act, Legal implications, Data sovereignty, Digital jurisdiction

Abstract

The rise of global cloud computing has introduced significant challenges in securing data privacy, particularly in cross-border data flows. With multiple jurisdictions involved, the risk of data breaches, unauthorized surveillance, and legal ambiguity increases. This paper examines the data privacy vulnerabilities in cross-border cloud storage systems, evaluates current international cyber law frameworks, and analyzes how these laws address or fail to address key data protection issues. Using a comparative analysis of legal regimes including the EU GDPR, US CLOUD Act, and regional cybersecurity laws, the paper underscores regulatory fragmentation and suggests a harmonized international legal architecture to mitigate privacy risks. The findings highlight the urgent need for consensus on global data governance to ensure robust, enforceable privacy standards.

References

Kuner, Christopher. Transborder Data Flows and Data Privacy Law. Oxford University Press, 2015.

Schwartz, Paul M., and Daniel J. Solove. “Reconciling Personal Information in the United States and European Union.” California Law Review, vol. 102, no. 4, 2014, pp. 877–916.

Subashini, Subashini, and Veerasamy Kavitha. “A Survey on Security Issues in Service Delivery Models of Cloud Computing.” Journal of Network and Computer Applications, vol. 34, no. 1, 2011, pp. 1–11.

Pearson, Siani. “Privacy, Security and Trust in Cloud Computing.” Privacy and Security for Cloud Computing, edited by Siani Pearson and George Yee, Springer, 2013, pp. 3–42.

Svantesson, Dan Jerker B. “The US CLOUD Act and the Global Law Enforcement Access to Data Problem.” Computer Law & Security Review, vol. 35, no. 4, 2019, pp. 347–353.

Greenleaf, Graham. “Global Data Privacy Laws 2021: Despite COVID Delays, 145 Laws Show GDPR Dominance.” Privacy Laws & Business International Report, no. 170, 2021, pp. 10–13.

De Hert, Paul, et al. “The Right to Data Portability in the GDPR: Towards User-Centric Interoperability of Digital Services.” Computer Law & Security Review, vol. 34, no. 2, 2018, pp. 193–203.

Woodward, John, Nicholas M. Greenfield, and Robin R. May. “The Future of Cloud Computing: Opportunities for European Cloud Computing Beyond 2020.” European Commission Report, 2018.

Bygrave, Lee A. “Data Protection by Design and by Default: Deciphering the EU’s Legislative Requirements.” Oslo Law Review, vol. 4, no. 2, 2017, pp. 105–120.

Tikk, Eneken. “International Cyber Norms and the Law of Armed Conflict.” NATO Cooperative Cyber Defence Centre of Excellence, 2012.

Zuboff, Shoshana. The Age of Surveillance Capitalism: The Fight for a Human Future at the New Frontier of Power. PublicAffairs, 2019.

Cate, Fred H., and James X. Dempsey. “The European Union Data Protection Directive and the U.S. Department of Commerce Safe Harbor Agreement.” Federal Communications Law Journal, vol. 59, no. 3, 2007, pp. 587–626.

Chander, Anupam, and Uyên P. Lê. “Data Nationalism.” Emory Law Journal, vol. 64, no. 3, 2015, pp. 677–739.

Pohle, Julia, and Thorsten Thiel. “Digital Sovereignty.” Internet Policy Review, vol. 9, no. 4, 2020.

Robinson, Neil, et al. The Cloud, Data Protection, and the European Commission: Compliance Challenges and Recommendations. RAND Corporation, 2013