Today on the blog, we bring you something a bit different.
We told you awhile back that the Federal Trade Commission is looking at cloud computing.
Now we learn what they’re doing.
Kathryn Ratté, an attorney in the Division of Privacy and Identity Protection at the FTC and explains.
KR: As you may know, the FTC has jurisdiction over private sector uses of data, generally. So, we look at companies and their data handling practices, rather than other government agencies, which we don’t have the jurisdiction to do.
Cloud computing is an example of an emerging business model that we’re examining for its impact on consumers. We do this all the time with all sorts of other emerging technologies. Some other examples would be things like RFID or social networking.
So, as with many other emerging technologies, we’re just sort of taking a look at cloud computing and trying to see if there are any new issues for consumers.
FCB: Are there, or have you not figured that out yet?
KR: We’re still in the exploratory phase here.
We’re really trying to learn how widespread the practice is and whether there’s anything quantitatively new here.
Consumers have been storing data in the cloud for some time. Things like web-based email have been around for a long time.
But, we’re also seeing more and more of the emergence of business models where businesses are storing their consumers’ information or their customers’ information with another business that may be located on the cloud, or their servers may be located on the cloud.
So, in some senses, it’s nothing new. We’ve already dealt with issues about businesses overseeing their outsourcing partners or service providers. But, what we’re seeing now is that cloud computing is increasing the amount of consumer data that may be out there.
FCB: We talk to both government agencies and private companies . . . And one of the things that we talk about is the actual definition of cloud computing. We know NIST has put out a definition. Is that what you are using when you say ‘cloud computing’.
KR: That’s an excellent question. We have looked at the NIST definition and we think that is a very good definition — a good way of conceiving cloud computing.
The way we talk about things at the FTC — we try to frame it in terms of impact on consumers, because we’re the consumer protection agency, so we would even take it a step further and look at it as — is it a consumer interacting directly with a company that’s providing cloud services? Is it a consumer interacting with a business that may be storing their data on a remote server?
So, in some senses our internal definition is even simpler than the NIST one.
FCB: Is there any sort of timeline you can give us? Are you planning on releasing — maybe — official guidance? What’s the overall end result?
KR: In terms of our exploration of emerging technologies — those are sort of on-going and taking place all the time; however, our look at cloud computing is sort of part of a larger process that we’re undertaking right now with our privacy roundtable.
We’ve held two public events — one in December and one in January in Berkley, Ca. We’re about to have another one on March 17 here in Washington, D.C. at the FTC, and cloud computing is one of the emerging business models that we’re looking at and trying to see what impact technology might have on consumer privacy.
So cloud computing is sort of wrapped up in that larger project.
I can tell that your next question will be — what’s the outcome of that project?
We really don’t know yet. We’re going to try and take a look at the information that we’ve gathered and see what the next steps might be.
I think this is an area as, with many other areas, we just want to make sure consumers understand how their data are being used and that ever-increasing amounts of data on them are being stored in all these different places.
So, we appreciate that this is a complex environment for consumers and we’re trying to help them make sense of it.