Cybersecurity and Liability in a Big Data World


Maria Lillà Montagnani
https://orcid.org/0000-0002-3522-6478
Mirta Antonella Cavallo

Abstract

The interplay between big data and cloud computing is at once undoubtedly promising, challenging and puzzling. The current technological landscape is not without paradoxes and risks, which under certain circumstances may raise liability issues for market operators. In this article we illustrate the several security and resilience challenges that market operators face, since overcoming them is of strategic importance for businesses wishing to be regarded as privacy-respectful and reliable market actors. After a brief overview of the potential and drawbacks arising from the combination of big data and cloud computing, this article illustrates the challenges and the obligations imposed by the European institutions on providers processing personal data – pursuant to the General Data Protection Regulation – and on providers of digital services and essential services – according to the NIS Directive. We also survey the European institutions’ push towards the development and adoption of codes of conduct, standards and certificates, as well as their latest proposal for a new Cybersecurity Act. We conclude by showing that, despite this articulated framework, big data and cloud service providers still leverage their strong market power to use “contractual shields” and escape liability.

Keywords: Big data, Security, Liability, NIS Directive, GDPR, Cloud, ISP, Cybersecurity Act

